
Buffer overflow vulnerability in Avaya one-X Desktop Edition may allow an attacker to cause denial of service

Advisory Number: VIPER-2007-042
Release Date: 2007.06.19
Source: Sipera VIPER Lab
Systems Affected: Avaya one-X Desktop Edition SIP Soft Phone (version 2.1.0.70)
Category: Soft Phone Denial of Service
Severity: Medium

Overview

A buffer overflow vulnerability in the SIP message parsing module of the Avaya one-X Desktop Edition SIP phone may allow a remote attacker to partially disable the phone.

Impact

Successfully sending a malformed message to the phone prevents it from receiving new calls, causing denial of service to the user. The phone may also repeatedly redial the last dialed number a few times.

Description

Avaya one-X™ Desktop Edition, formerly Avaya SIP soft phone, transforms Windows-based PCs into SIP-based collaboration endpoints. A buffer overflow vulnerability exists in the SIP header parsing module of the Avaya one-X phone, which may allow a remote attacker to disable the phone's call receiving capability. If an attacker can send a malformed SIP message to the phone, the phone may no longer be able to receive new calls, causing denial of service to the user. The user may not notice this unless explicitly informed by other users. The phone must be restarted to recover from this state.

Solution

The phone's SIP stack implementation should be patched to prevent exploitation of this vulnerability.
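As a defender-side illustration of the bounded header parsing such a patch calls for, here is an added example (not Avaya's or Sipera's code; the numeric limits, sample messages and function names are assumptions for this example): a SIP header parser that checks message size, line length and header count before any value is stored, and rejects messages with a missing terminator, unparseable line or missing mandatory header instead of processing them.

```python
import re

MAX_MESSAGE_LEN = 16384   # assumed illustrative limit, not a value from the advisory
MAX_LINE_LEN = 1024       # refuse any start line or header line longer than this
MAX_HEADERS = 64          # refuse messages carrying an excessive number of headers
REQUIRED = ("via", "from", "to", "call-id", "cseq")   # mandatory per RFC 3261
_HEADER_RE = re.compile(r"^([!#$%&'*+\-.^_`|~0-9A-Za-z]+):[ \t]*(.*)$")

class MalformedSIP(ValueError):
    """Raised for any message the bounded parser refuses to process."""

def parse_sip_headers(raw: bytes) -> dict:
    """Parse start line and headers under hard limits; over-long lines are rejected, never copied."""
    if len(raw) > MAX_MESSAGE_LEN:
        raise MalformedSIP("message exceeds size limit")
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep or not head.isascii():
        raise MalformedSIP("missing CRLF CRLF terminator or non-ASCII header bytes")
    lines = head.decode("ascii").split("\r\n")
    if len(lines) - 1 > MAX_HEADERS or any(len(ln) > MAX_LINE_LEN for ln in lines):
        raise MalformedSIP("header count or line length exceeds limit")
    headers, last = {}, None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last is not None:   # RFC 3261 header folding
            headers[last][-1] += " " + line.strip()
            continue
        m = _HEADER_RE.match(line)
        if not m:
            raise MalformedSIP(f"unparseable header line: {line[:40]!r}")
        last = m.group(1).lower()
        headers.setdefault(last, []).append(m.group(2))
    if any(h not in headers for h in REQUIRED):
        raise MalformedSIP("mandatory header missing")
    return {"start_line": lines[0], "headers": headers}

def accepts(raw: bytes) -> bool:
    """True if the message passes the bounded parser, False if it would be dropped."""
    try:
        parse_sip_headers(raw)
        return True
    except MalformedSIP:
        return False

# Constructed sample messages for this example (not captures from the advisory).
GOOD_INVITE = b"\r\n".join([
    b"INVITE sip:bob@example.com SIP/2.0",
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds",
    b"From: Alice <sip:alice@example.com>;tag=1928301774", b"To: Bob <sip:bob@example.com>",
    b"Call-ID: a84b4c76e66710@192.0.2.10", b"CSeq: 314159 INVITE", b"", b""])
OVERLONG_HEADER = GOOD_INVITE.replace(b"CSeq: 314159 INVITE", b"CSeq: " + b"9" * 2000)
```

A real stack would apply the same checks in its native parser; the point is that every limit is enforced before a value reaches a fixed-size buffer.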

Vendor Response:

Avaya: The official response for the one-X Desktop Edition vulnerabilities, ASA-2007-241, is posted at http://support.avaya.com/elmodocs2/security/ASA-2007-241.htm

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com

Unified Communications Unleashed
Sipera Systems is the worldwide market leader in solutions for the rapid and simple adoption of Unified Communications (UC). Thousands of users around the globe rely on Sipera to secure VoIP, IP video, collaboration, messaging and dozens of other high-performance applications. Sipera’s groundbreaking “Borderless UC” enables controlled communications to any device in any location.

Years of UC Security experience is contained in Sipera unified communications (UC-Sec) products. These appliances benefit from the research conducted by Sipera VIPER Lab to provide comprehensive threat protection, policy enforcement, access control, and privacy in a single, real-time appliance.

© Copyright 2006-2010 Sipera Systems, Inc. All rights reserved. Sipera, Sipera UC-Sec and related products, Sipera LAVA and Sipera VIPER and related services are trademarks of Sipera Systems, Inc.