Nortel IP Softphone UNIStim RTCP buffer overflow
| nortel-ipsoftphone-rtcp-bo (37256) |  High Risk |
Description:
The Nortel IP Softphone 2050 is vulnerable to a buffer overflow, caused by improper bounds checking of packets sent to the RTCP port. By sending multiple invalid packets to the RTCP port on a vulnerable system, a remote attacker could overflow a buffer and execute arbitrary code or cause the application to crash.
*CVSS:
| Base Score: | 8.3 |
| Access Vector: | Adjacent Network |
| Access Complexity: | Low |
| Authentication: | None |
| Confidentiality Impact: | Complete |
| Integrity Impact: | Complete |
| Availability Impact: | Complete |
| Temporal Score: | 6.5 |
| Exploitability: | Proof-of-Concept |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Gain Access
Remedy:
Refer to Nortel Technical Support Security Advisory Bulletin 2007008382 for patch, upgrade, or suggested workaround information. See References.
References:
- COMPASS SECURITY ADVISORY: October, 18th 2007: UNIStim IP Softphone Buffer-Overflow.
- NORTEL BULLETIN ID: 2007008382, Rev 2: UNIStim IP Softphone - Potential Vulnerability Due to Buffer Overflow.
- Nortel Technical Support Security Advisory Bulletin 2007008382: UNIStim IP Softphone - Potential Vulnerability Due to Buffer Overflow.
- BID-26118: Nortel Networks UNIStim IP Softphone RTCP Port Buffer Overflow Vulnerability
- CVE-2007-5636: Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, aka extraneous messaging.
- SA27252: Nortel IP Softphone 2050 Buffer Overflow Vulnerability
- VUPEN/ADV-2007-3540: Nortel IP Softphone 2050 Remote Buffer Overflow and DoS Vulnerability
Platforms Affected:
- Nortel IP Softphone 2050
Reported:
Oct 17, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.