Multiple stack-based buffer... CVE-2008-2085 CNNVD-200805-096

7.5 AV AC AU C I A
发布: 2008-05-12
修订: 2017-08-08

SIPp是免费的开源SIP协议测试工具和通讯生成器。 SIPp在处理畸形请求数据时存在漏洞,远程攻击者可能利用此漏洞控制服务器。 SIPp的call.cpp文件中的get_remote_ip_media()和get_remote_ipv6_media()函数中存在栈溢出漏洞: 122 uint32_t get_remote_ip_media(char *msg) 123 { 124 char pattern[] = "c=IN IP4 "; 125 char *begin, *end; 126 char ip[32]; 127 begin = strstr(msg, pattern); 128 if (!begin) { 129 /* Can't find what we're looking at -> return no address */ 130 return INADDR_NONE; 131 } 132 begin += sizeof("c=IN IP4 ") - 1; 133 end = strstr(begin, "\r\n"); 134 if (!end) 135 return INADDR_NONE; 136 memset(ip, 0, 32); 137 strncpy(ip, begin, end - begin); 138 return inet_addr(ip); 139 } 145 uint8_t get_remote_ipv6_media(char *msg, struct in6_addr addr) 146 { 147 char pattern[] = "c=IN IP6 "; 148 char *begin, *end; 149 char ip[128]; 150 151 memset(&addr, 0, sizeof(addr)); 152 memset(ip, 0, 128); 153 154 begin = strstr(msg, pattern); 155 if (!begin) { 156 /* Can't find what we're looking at -> return no address */ 157 return 0; 158 } 159 begin += sizeof("c=IN IP6 ") -...

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有1条受影响产品信息