[Serusers] xlog - vulnerability

Alexander Philipp Lintenhofer lintenhofer at aon.at
Sat Mar 12 09:31:59 CET 2005


Thank you, Elena.
I used an old 0.8.14 because I took the ftp version from July 04 and did 
not fetch the source with cvs!

regards,
Philipp

Elena Ramona Modroiu wrote:

> It should be fixed in the latest CVS version of the 0.8.14 branch as 
> well as in the newer versions.
>
> Ramona
>
> Alexander Philipp Lintenhofer wrote:
>
>> Hi all,
>>
>> I just used the SIP-Version of Protos Test-Suite and realized a 
>> vulnerability in xlog.so:
>> If you use xlog in ser.cfg and you inject the format string "%s%x%n" 
>> as request-method then ser hangs up.
>> I use ser 0.8.14. The simulation tool is available at:
>> http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
>>
>> regards,
>> Philipp
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>
>
>



