Vulnerabilities > CVE-2006-3524 - Remote Buffer-Overflow vulnerability in SIPfoundry SIPXtapi CSeq Processing
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description SIPfoundry sipXphone 2.6.0.27 CSeq Buffer Overflow. CVE-2006-3524. Remote exploit for windows platform id EDB-ID:16352 last seen 2016-02-01 modified 2010-06-15 published 2010-06-15 reporter metasploit source https://www.exploit-db.com/download/16352/ title SIPfoundry sipXphone 2.6.0.27 CSeq Buffer Overflow description AIM Triton 1.0.4 CSeq Buffer Overflow. CVE-2006-3524. Remote exploit for windows platform id EDB-ID:16353 last seen 2016-02-01 modified 2010-06-15 published 2010-06-15 reporter metasploit source https://www.exploit-db.com/download/16353/ title AIM Triton 1.0.4 CSeq Buffer Overflow description SIPfoundry sipXtapi (CSeq) Remote Buffer Overflow Exploit PoC. CVE-2006-3524. Dos exploit for hardware platform id EDB-ID:2000 last seen 2016-01-31 modified 2006-07-10 published 2006-07-10 reporter Michael Thumann source https://www.exploit-db.com/download/2000/ title SIPfoundry sipXtapi CSeq Remote Buffer Overflow Exploit PoC description SIPfoundry sipXezPhone 0.35a CSeq Field Overflow. CVE-2006-3524. Remote exploit for windows platform id EDB-ID:16351 last seen 2016-02-01 modified 2010-06-15 published 2010-06-15 reporter metasploit source https://www.exploit-db.com/download/16351/ title SIPfoundry sipXezPhone 0.35a CSeq Field Overflow
Metasploit
description This module exploits a buffer overflow in SIPfoundry's sipXezPhone version 0.35a. By sending an long CSeq header, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the affected application. id MSF:EXPLOIT/WINDOWS/SIP/SIPXEZPHONE_CSEQ last seen 2020-02-29 modified 2017-07-24 published 2006-09-13 references https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3524 reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/sip/sipxezphone_cseq.rb title SIPfoundry sipXezPhone 0.35a CSeq Field Overflow description This module exploits a buffer overflow in SIPfoundry's sipXphone 2.6.0.27. By sending an overly long CSeq value, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the affected application. id MSF:EXPLOIT/WINDOWS/SIP/SIPXPHONE_CSEQ last seen 2020-03-14 modified 2017-07-24 published 2006-11-01 references https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3524 reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/sip/sipxphone_cseq.rb title SIPfoundry sipXphone 2.6.0.27 CSeq Buffer Overflow description This module exploits a buffer overflow in AOL\'s AIM Triton 1.0.4. By sending an overly long CSeq value, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the affected application. id MSF:EXPLOIT/WINDOWS/SIP/AIM_TRITON_CSEQ last seen 2020-06-13 modified 2017-07-24 published 2006-11-02 references https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3524 reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/sip/aim_triton_cseq.rb title AIM Triton 1.0.4 CSeq Buffer Overflow
Nessus
| NASL family | Misc. |
| NASL id | SIPXTAPI_CSEQ_OVERFLOW.NASL |
| description | The remote host is running a SIP user agent that appears to be compiled using a version of SIP Foundry |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 22092 |
| published | 2006-07-25 |
| reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/22092 |
| title | sipXtapi INVITE Message CSeq Field Header Remote Overflow |
Packetstorm
data source https://packetstormsecurity.com/files/download/83094/sipxezphone_cseq.rb.txt id PACKETSTORM:83094 last seen 2016-12-05 published 2009-11-26 reporter MC source https://packetstormsecurity.com/files/83094/SIPfoundry-sipXezPhone-0.35a-CSeq-Field-Overflow.html title SIPfoundry sipXezPhone 0.35a CSeq Field Overflow data source https://packetstormsecurity.com/files/download/83080/aim_triton_cseq.rb.txt id PACKETSTORM:83080 last seen 2016-12-05 published 2009-11-26 reporter MC source https://packetstormsecurity.com/files/83080/AIM-Triton-1.0.4-CSeq-Buffer-Overflow.html title AIM Triton 1.0.4 CSeq Buffer Overflow data source https://packetstormsecurity.com/files/download/82931/sipxphone_cseq.rb.txt id PACKETSTORM:82931 last seen 2016-12-05 published 2009-10-30 reporter MC source https://packetstormsecurity.com/files/82931/SIPfoundry-sipXphone-2.6.0.27-CSeq-Buffer-Overflow.html title SIPfoundry sipXphone 2.6.0.27 CSeq Buffer Overflow
Saint
| bid | 18906 |
| description | sipXtapi Cseq header buffer overflow |
| id | misc_sipxtapi |
| osvdb | 27122 |
| title | sipxtapi_cseq |
| type | remote |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047757.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047794.html
- http://secunia.com/advisories/20997
- http://securitytracker.com/id?1016455
- http://www.osvdb.org/27122
- http://www.securityfocus.com/archive/1/439617/100/0/threaded
- http://www.securityfocus.com/archive/1/440135/100/0/threaded
- http://www.securityfocus.com/bid/18906
- http://www.vupen.com/english/advisories/2006/2735
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27681