CVE-2006-2923

critical

Description

The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27047

http://www.vupen.com/english/advisories/2006/2286

http://www.vupen.com/english/advisories/2006/2285

http://www.vupen.com/english/advisories/2006/2284

http://www.vupen.com/english/advisories/2006/2180

http://www.securityfocus.com/bid/18307

http://www.securityfocus.com/archive/1/436638/100/0/threaded

http://www.loudhush.ro/changelog.txt

http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml

http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10

http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960

http://secunia.com/advisories/20900

http://secunia.com/advisories/20623

http://secunia.com/advisories/20567

http://secunia.com/advisories/20560

http://secunia.com/advisories/20466

http://iaxclient.sourceforge.net/iaxcomm/

Details

Source: Mitre, NVD

Published: 2006-06-09

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical