Secunia Security Advisory - Ejovi Nuwere has reported a vulnerability in MultiTech MultiVoIP Gateway, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
9590e74a85f7d243daee76f7726dcc859be98f02d29f8145d23603020153d95a
TITLE:
MultiTech MultiVoIP Gateway Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA17852
VERIFY ADVISORY:
http://secunia.com/advisories/17852/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
OPERATING SYSTEM:
MultiTech MultiVOIP Gateway MPV810
http://secunia.com/product/6381/
MultiTech MultiVOIP Gateway MVP130
http://secunia.com/product/6378/
MultiTech MultiVOIP Gateway MVP210
http://secunia.com/product/6379/
MultiTech MultiVOIP Gateway MVP2410
http://secunia.com/product/6382/
MultiTech MultiVOIP Gateway MVP3010
http://secunia.com/product/6383/
MultiTech MultiVOIP Gateway MVP410
http://secunia.com/product/6380/
DESCRIPTION:
Ejovi Nuwere has reported a vulnerability in MultiTech MultiVoIP
Gateway, which potentially can be exploited by malicious people to
cause a DoS (Denial of Service).
The vulnerability is caused due to a boundary error when parsing SIP
packets. This can be exploited to cause a buffer overflow via a
specially crafted SIP packet with an INVITE field that is longer than
60 characters.
Successful exploitation causes the device to reboot.
The vulnerability has been reported in models MVP130, MVP210, MVP410,
MPV810, MVP2410, and MVP3010.
SOLUTION:
The vulnerability has been fixed in the X.08 release, which is
available from the vendor.
PROVIDED AND/OR DISCOVERED BY:
Ejovi Nuwere, SecurityLab Technologies.
ORIGINAL ADVISORY:
http://www.securitylab.net/research/2005/12/buffer_overflow_in_multitech_v.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------