Menu
▾
▴
Re: [Iaxclient-devel] possible security hole in iax.c
|
From: Alexander V. <ava...@vo...> - 2008-04-22 22:14:49
|
Actually, in the updated patch I didn't include one change, so here is again an update, hopefully the last one Best regards Alex Alexander Vassilev wrote: > Hmm, seems the patch was broken, here is a newly generated one that works > > Regards > Alex > > > Alexander Vassilev wrote: >> Hi all, >> >> I am attaching a patch that fixes the forementioned problems. The code >> that was added to handle mini video frames also has a problem - in case >> the received frame is a mini video frame, a check is done only against >> the size of an audio miniheader, which is smaller, so a vulnerability >> similar to the one from Advisory ID: CORE-2006-0327 (coresecurity.com) >> is again present in iaxclient. This patch should fix it. >> >> Best regards >> Alex >> >> >> ------------------------------------------------------------------------- >> >> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference >> Don't miss this year's exciting event. There's still time to save >> $100. Use priority code J8TL2D2. >> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Iaxclient-devel mailing list >> Iax...@li... >> https://lists.sourceforge.net/lists/listinfo/iaxclient-devel > > ------------------------------------------------------------------------- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > ------------------------------------------------------------------------ > > _______________________________________________ > Iaxclient-devel mailing list > Iax...@li... > https://lists.sourceforge.net/lists/listinfo/iaxclient-devel |
