![]() |
Buffer overflow vulnerability in Nortel Networks PC Client may allow a remote attacker to execute arbitrary code on the host
OverviewA buffer overflow vulnerability SIP message parsing module of Nortel Networks PC Client SIP phone may allow a remote attacker to execute arbitrary code on host machine or crash the phone. ImpactSuccessfully sending a malformed message to the phone crashes the phone and causes denial of service to the user. Attacker can exploit this vulnerability to execute arbitrary code on the host machine where the Nortel Networks PC Client is installed. Description
Nortel Networks PC Client is a PC-based user application that provides multimedia communications features to users. A buffer overflow vulnerability exists in the SIP header parsing module of Nortel Networks PC Client which may allow a remote attacker to crash the phone. This results in a complete denial of service to the user. Sending such message to multiple users may results in denial of service to large number of users. Additionally, this buffer overflow can also be exploited to execute arbitrary code on the host where the vulnerable phone is installed. If restarted, the phone does function normally. Related Links
Phone SIP stack implementation should be patched to prevent exploiting such vulnerability. Vendor Response:Nortel is aware of Security Advisory VIPER-2007-044 as issued by the Sipera VIPER lab team. We are actively investigating the details in this Advisory to confirm that our latest SIP phones are not susceptible to this vulnerability. A formal Nortel Security Bulletin addressing this Advisory is expected to be available by July 31st. For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com |
UC Security Defined
Sipera Systems, the leader in real-time Unified
Communications (UC) security, is the choice of enterprises
and service providers around the world to support their
mission-critical UC deployments.
Sipera offers groundbreaking, production-proven solutions
that secure voice, video, messaging, collaboration, and
other real-time communications in converged IP networks,
boosting compliance with information security requirements.
Backed by the industry-leading research of the VIPER lab,
Sipera's solutions provide comprehensive threat protection,
policy enforcement, access control, and encryption in a
single flexible appliance.