CVE-2007-4924
published 2007-10-08
CVE-2007-4924: The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of…
Priority P4 · 24 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 10.68% (95.3th percentile)
The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ekiga | ekiga | <= 2.0.9 | — |
| openh323_project | openh323 | <= 2.2.3 | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat · 5.0 MEDIUM
Ubuntu
opal vulnerability
vendor_ubuntu·2008-01-08
Jose Miguel Esparza discovered that certain SIP headers were not correctly
validated. A remote attacker could send a specially crafted packet to
an application linked against opal (e.g. Ekiga) causing it to crash, leading
to a denial of service.
Instructions: After a standard system upgrade you need to restart your session to effect
the necessary changes.
Red Hat
ekiga remote crash caused by insufficient input validation
vendor_redhat·2007-09-17·CVSS 5.0
CVE-2007-4924 [MEDIUM] CWE-20 ekiga remote crash caused by insufficient input validation
GHSA
GHSA-55xh-gq2p-rgv2: The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2
ghsa_unreviewed·2022-05-01
CVE-2007-4924 [MEDIUM] CWE-20 GHSA-55xh-gq2p-rgv2: The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2
No detection rules found.
Bugzilla
CVE-2007-4897 CVE-2007-4924 opal various flaws [F7]
bugzilla·2007-09-20·CVSS 5.0
CVE-2007-4897 [MEDIUM] CVE-2007-4897 CVE-2007-4924 opal various flaws [F7]
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Sorry, F7 version is not affected by CVE-2007-4897. Updating dependencies.
---
And I'm pushing the latest Ekiga/opal/pwlib to testing updates anyway, hopefully
this will clear everything up!
Daniel
---
Please do push to stable unless problems arose.
---
FEDORA-2007-2245. Not quite that thing though. Related at least.
Bugzilla
CVE-2007-4897 CVE-2007-4924 opal various flaws [FC6]
bugzilla·2007-09-20·CVSS 5.0
CVE-2007-4897 [MEDIUM] CVE-2007-4897 CVE-2007-4924 opal various flaws [FC6]
FC6 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Ping on this. When will it be possible to roll the updated packages?
---
Fedora Core 6 has reached End of Life. Problem is fixed in current Fedora versions.
Bugzilla
CVE-2007-4924 ekiga remote crash caused by insufficient input validation
bugzilla·2007-09-19·CVSS 5.0
CVE-2007-4924 [MEDIUM] CVE-2007-4924 ekiga remote crash caused by insufficient input validation
José Miguel Esparza discovered that insufficient input validation is performed
on SIP protocol header field 'Content-Length' by opal library used by ekiga.
This flaw can be used to write '\0' byte to attacker-controlled address and
crash ekiga. Ekiga 2.0.10 using opal library 2.2.10 was released to address
this issue.
Ekiga 2.0.10 release notes:
http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html
CVS commit pointed out by upstream:
http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20&pathrev=Phobos
(some of the previous commits may be required to get complete checks / fix)
Discussion:
Created attachment 208511
Patch backported from CVS.
---
Fixed in
Bugzilla
CVE-2007-4897 ekiga GetHostAddress remote DoS
bugzilla·2007-09-17·CVSS 5.0
CVE-2007-4897 [MEDIUM] CVE-2007-4897 ekiga GetHostAddress remote DoS
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4897 to the following vulnerability:
The SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting) 2.0.5 and
earlier allows remote attackers to cause a denial of service (application
crash) via unspecified vectors, related to "bad management of memory
allocation."
References:
http://www.securityfocus.com/bid/25642
http://www.s21sec.com/avisos/s21sec-036-en.txt
http://marc.info/?l=full-disclosure&m=118959114522339&w=2
Note:
Advisory posted to full-disclosure stated versions 2.0.5 and prior are
vulnerable. s21sec site seems to have updated advisory stating version
2.0.7 is also vulnerable.
Discussion:
s21sec advisory is a bit vague. Their blog contains bit more inf
References
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html
http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20
http://osvdb.org/41637
http://secunia.com/advisories/27118
http://secunia.com/advisories/27128
http://secunia.com/advisories/27129
http://secunia.com/advisories/27271
http://secunia.com/advisories/27524
http://secunia.com/advisories/28380
http://www.mandriva.com/security/advisories?name=MDKSA-2007:205
http://www.redhat.com/support/errata/RHSA-2007-0957.html
http://www.s21sec.com/avisos/s21sec-037-en.txt
http://www.securityfocus.com/archive/1/482120/30/4500/threaded
http://www.securityfocus.com/bid/25955
http://www.securitytracker.com/id?1018776
http://www.ubuntu.com/usn/usn-562-1
http://www.vupen.com/english/advisories/2007/3413
http://www.vupen.com/english/advisories/2007/3414
https://bugzilla.redhat.com/show_bug.cgi?id=296371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11398
https://www.exploit-db.com/exploits/9240