Thread: Re: possible security hole in iax.c




Re: possible security hole in iax.c
Bulgaria
2008-04-22 16:49:23
Hmm, seems the patch was broken, here is a newly generated one that works

Regards
Alex


Alexander Vassilev wrote:
> Hi all,
>
> I am attaching a patch that fixes the forementioned problems. The code
> that was added to handle mini video frames also has a problem - in case
> the received frame is a mini video frame, a check is done only against
> the size of an audio miniheader, which is smaller, so a vulnerability
> similar to the one from Advisory ID: CORE-2006-0327 (coresecurity.com)
> is again present in iaxclient. This patch should fix it.
>
> Best regards
> Alex
>
> _______________________________________________
> Iaxclient-devel mailing list
> Iaxclient-devellists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/iaxclient-devel



  
  
Re: possible security hole in iax.c
Bulgaria
2008-04-22 17:14:54
Actually, in the updated patch I didn't include one change, so here is
again an update, hopefully the last one

Best regards
Alex

Alexander Vassilev wrote:
> Hmm, seems the patch was broken, here is a newly generated one that works
>
> Regards
> Alex
>
>
> Alexander Vassilev wrote:
>> Hi all,
>>
>> I am attaching a patch that fixes the forementioned problems. The code
>> that was added to handle mini video frames also has a problem - in case
>> the received frame is a mini video frame, a check is done only against
>> the size of an audio miniheader, which is smaller, so a vulnerability
>> similar to the one from Advisory ID: CORE-2006-0327 (coresecurity.com)
>> is again present in iaxclient. This patch should fix it.
>>
>> Best regards
>> Alex



  
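The check described in the quoted message, where a mini video frame is validated only against the smaller audio mini-header size, can be sketched as follows. This is an added example, not code from iaxclient or from the attached patch; the function and type names are hypothetical, and the header sizes (12, 4 and 6 bytes) and flag bits are assumed from the IAX2 wire format in RFC 5456.

```c
#include <stddef.h>
#include <stdint.h>

/* Header sizes assumed from RFC 5456; the thread does not quote them. */
enum { FULL_HDR_LEN = 12, MINI_HDR_LEN = 4, VIDEO_HDR_LEN = 6 };

typedef enum { FRAME_INVALID, FRAME_FULL, FRAME_MINI_AUDIO, FRAME_MINI_VIDEO } frame_kind;

/* Flawed pattern from the thread: every non-full frame is accepted once it
 * covers the audio mini header, so a 4- or 5-byte video frame gets through. */
static int weak_len_ok(const uint8_t *buf, size_t len)
{
    (void)buf;
    return len >= MINI_HDR_LEN;
}

/* Classify first, then compare len with the header size of that frame kind.
 * On success *payload_len is the number of bytes after the header. */
static frame_kind classify_frame(const uint8_t *buf, size_t len, size_t *payload_len)
{
    size_t hdr;
    frame_kind kind;

    if (buf == NULL || len < 2)
        return FRAME_INVALID;           /* cannot even read the first word */
    if (buf[0] & 0x80) {                /* F bit set: full frame */
        kind = FRAME_FULL; hdr = FULL_HDR_LEN;
    } else if (buf[0] == 0 && buf[1] == 0) {
        /* Zero first word marks a meta frame; V bit selects mini video. */
        if (len < 3 || !(buf[2] & 0x80))
            return FRAME_INVALID;       /* other meta frames not handled here */
        kind = FRAME_MINI_VIDEO; hdr = VIDEO_HDR_LEN;
    } else {
        kind = FRAME_MINI_AUDIO; hdr = MINI_HDR_LEN;
    }
    if (len < hdr)
        return FRAME_INVALID;           /* header would extend past the datagram */
    *payload_len = len - hdr;           /* cannot underflow: len >= hdr */
    return kind;
}

int main(void)
{
    const uint8_t shortv[] = { 0x00, 0x00, 0x80, 0x01, 0x00 }; /* constructed */
    size_t n = 0;
    return !(weak_len_ok(shortv, sizeof shortv) &&
             classify_frame(shortv, sizeof shortv, &n) == FRAME_INVALID);
}
```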
  