Bug#412904: openser: CVE-2006-6875 / CVE-2006-6876 still unfixed in Etch
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 28 20:54:08 UTC 2007
Package: openser
Version: 1.1.0-9
Severity: grave
Tags: security
Justification: user security hole

While these two vulnerabilities have been fixed in sid in 1.1.1, they
still affect Etch:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6875:
Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in
OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6876:
The fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.1.0 and earlier might
allow remote attackers to execute arbitrary code via a crafted SMS message, triggering memory
corruption when the "beginning" buffer is copied to the third (pdu) argument.

Cheers,
Moritz
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)