Nortel IP Softphone UNIStim RTCP buffer overflow
| nortel-ipsoftphone-rtcp-bo (37256) |  High Risk |
Description:
The Nortel IP Softphone 2050 is vulnerable to a buffer overflow, caused by improper bounds checking of packets sent to the RTCP port. By sending multiple invalid packets to the RTCP port on a vulnerable system, a remote attacker could overflow a buffer and execute arbitrary code or cause the application to crash.
Platforms Affected:
- Nortel, IP Softphone 2050
Remedy:
Refer to Nortel Technical Support Security Advisory Bulletin 2007008382 for patch, upgrade, or suggested workaround information. See References.
Consequences:
Gain Access
References:
- COMPASS SECURITY ADVISORY: October, 18th 2007, UNIStim IP Softphone Buffer-Overflow at http://www.csnc.ch/static/advisory/csnc/nortel_UNIStim_IP_softphone_buffer-overflow_v1.0.txt.
- NORTEL BULLETIN ID: 2007008382, Rev 2, UNIStim IP Softphone - Potential Vulnerability Due to Buffer Overflow at http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=696882.
- Nortel Technical Support Security Advisory Bulletin 2007008382, UNIStim IP Softphone - Potential Vulnerability Due to Buffer Overflow at http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655203.
- BID-26118: Nortel Networks UNIStim IP Softphone RTCP Port Buffer Overflow Vulnerability
- CVE-2007-5636: Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, aka extraneous messaging.
- FrSIRT/ADV-2007-3540: Nortel IP Softphone 2050 Remote Buffer Overflow and DoS Vulnerability
- SA27252: Nortel IP Softphone 2050 Buffer Overflow Vulnerability
Reported:
Oct 17, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net