Buffer Overflow in MultiTech VoIP Implementations

CVE	Category	Price	Severity
CVE-2014-8952	CWE-119	$1000	High

Author	Risk	Exploitation Type	Date
Unknown	High	Remote	2005-12-13

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2005120012

Below is a copy:

SecurityLab Technologies, Inc.
--- www.securitylab.net ---

Security Advisory
 Advisory Name: Buffer Overflow in MultiTech VoIP Implementations
  Release Date: December 05, 2005
   Application: MultiVoIP Gateway
Platform: Multiple
Severity: Moderate
  Author: Ejovi Nuwere <SLAB_research[AT]securitylab.net>
 Vendor Status: Patched in Version x.08
     Reference: http://www.securitylab.net/research/

Overview:
The MultiVOIP voice over IP gateway provides toll-free voice and fax
communications over the Internet or Intranet. Occasionally MultiTech
develops and licenses their VoIP Gateways and VoIP related stacks for
inclusion in third party platforms. Therefore, this bug may affect
products outside of the MultiTech line.

SecurityLab technologies has discovered a remote buffer overflow in
MultiTech's MultiVOIP product line that may lead to remote code 
execution.

Details:
The buffer overflow occurs in the SIP packet INVITE field with a
string greater than 60 characters. Testing was performed on an
embedded device with limited debug environment. Source code was not
avaible for further analysys.

Vendor Response:
Patched. Version x.08

Recommendation:
Contact vendor for current release.

Site of the day:
InfoSecDaily http://www.infosecdaily.net
security news for security professionals

Copyright 2005 SecurityLab Technologies, Inc. You may distribute freely
without modification.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum