Bug#446956: CVE-2007-5469 toll fraud and authentication forward attack
Nico Golde
nion at debian.org
Tue Oct 16 21:42:27 UTC 2007
Package: openser
Version: 1.1.0-9etch1
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for openser.
CVE-2007-5469[0]:
| OpenSER 1.2.2 does not verify the Digest authentication header URI
| against the Request URI in SIP messages, which allows remote attackers
| to use sniffed Digest authentication credentials to call arbitrary
| telephone numbers or spoof caller ID (aka "toll fraud and
| authentication forward attack").
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5469
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20071016/af3a4e75/attachment.pgp
More information about the Pkg-voip-maintainers
mailing list