CVE-2006-0359
Published 2006-01-22
Priority P334 | high | 7.5 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.92% (89.0th percentile)
Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call.
No detection rules found.
Exploit-DB
CounterPath eyeBeam 1.1 build 3010n - SIP Header Data Remote Buffer Overflow (2)
exploitdb·2006-01-15
---
// source: https://www.securityfocus.com/bid/16253/info
A remote buffer-overflow vulnerability affects CounterPath eyeBeam because the application fails to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to crash the affected application. Presumably, remote arbitrary code execution may also be possible. This may facilitate unauthorized access or privilege escalation.
Information regarding specific versions affected is currently unavailable. This BID will be updated as further information is disclosed. Note that the eyeBeam package has been re-branded and redistributed by other vendors.
/***********************
Exploit-DB
CounterPath eyeBeam 1.1 build 3010n - SIP Header Data Remote Buffer Overflow (1)
exploitdb·2006-01-11
---
// source: https://www.securityfocus.com/bid/16253/info
/***********************
http://blog.donews.com/zwell/archive/2006/01/17/698810.aspx
http://secunia.com/advisories/18516
http://securityreason.com/securityalert/354
http://www.securityfocus.com/archive/1/422009/100/0/threaded
http://www.securityfocus.com/archive/1/446573/100/0/threaded
http://www.securityfocus.com/bid/16253
http://www.vupen.com/english/advisories/2006/0259
https://exchange.xforce.ibmcloud.com/vulnerabilities/24181