CVE-2007-6627 - Numeric Errors vulnerability in Feng 0.1.15

Publication

2008-01-04

Last modification

2018-10-15

Summary

Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an RTP packet with a size value of 0xffff.

Description

Feng is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities.Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the server application. Attackers may also crash the application, denying service to legitimate users.Feng 0.1.15 is vulnerable to these issues; other versions may also be affected.

Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Exploit

The following proof-of-concept code is available: /data/vulnerabilities/exploits/fengulo.zip

Classification

CWE-189 - Numeric Errors

Risk level (CVSS AV:N/AC:L/Au:N/C:P/I:P/A:P)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Feng Feng  0.1.15