CVE-2006-2923 Information

Description

The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.

Reference

http://iaxclient.sourceforge.net/iaxcomm/
http://secunia.com/advisories/20466
http://secunia.com/advisories/20560
http://secunia.com/advisories/20567
http://secunia.com/advisories/20623
http://secunia.com/advisories/20900
http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960
http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10
http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml
http://www.loudhush.ro/changelog.txt
http://www.securityfocus.com/archive/1/436638/100/0/threaded
http://www.securityfocus.com/bid/18307
http://www.vupen.com/english/advisories/2006/2180
http://www.vupen.com/english/advisories/2006/2284
http://www.vupen.com/english/advisories/2006/2285
http://www.vupen.com/english/advisories/2006/2286
https://exchange.xforce.ibmcloud.com/vulnerabilities/27047
