[Serusers] xlog - vulnerability
Elena Ramona Modroiu
ramona at voice-system.ro
Sat Mar 12 00:15:34 CET 2005
It should be fixed in the latest CVS version of the 0.8.14 branch as
well as in the newer versions.
Ramona
Alexander Philipp Lintenhofer wrote:
> Hi all,
>
> I just used the SIP-Version of Protos Test-Suite and realized a
> vulnerability in xlog.so:
> If you use xlog in ser.cfg and you inject the format string "%s%x%n"
> as request-method than ser hangs up.
> I use ser 0.8.14. The simulation tool is available at:
> http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
>
> regards,
> Philipp
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list