SIPfoundry SIPXtapi CSeq Processing Remote Buffer-Overflow Vulnerability

SIPfoundry SIPXtapi CSeq Processing Remote Buffer-Overflow Vulnerability

The sipXtapi product is reported to be prone to a remote buffer-overflow vulnerability. This issue presents itself when the application handles a specially crafted 'CSeq' value.

A successful attack may lead to unauthorized remote access in the context of a user running an affected application that uses the vulnerable library.

Reports indicate that sipXtapi versions that were released prior to March 24, 2006 are vulnerable to this issue. Certain PingTel products and versions of AOL Triton may be affected because they employ the vulnerable library.