Published November 16th, 2006
in Research.
— SecurityLab Technologies, Inc.
— Security Advisory
— http://www.securitylab.net
Advisory Name: NetBSD / OpenBSD kernfs_xread patch evasion
Release Date: February 02, 2006
Application: kernfs
Platform: NetBSD / OpenBSD
Severity: Severe
Author: SLAB Research
Vendor Status: Patched
Reference: http://www.securitylab.net/research/
Overview:
Due to a flaw in the original patch implemented by the NetBSD team in
release 2.0.3 the kernfs_xread function was still vulnerable to
exploitation. The original patch failed to manage […]
Published November 16th, 2006
in Research.
SecurityLab Technologies, Inc.
— www.securitylab.net —
Security Advisory
Advisory Name: Buffer Overflow in MultiTech VoIP Implementations
Release Date: December 05, 2005
Application: MultiVoIP Gateway
Platform: Multiple
Severity: Moderate
Author: Ejovi Nuwere
Vendor Status: Patched in Version x.08
Reference: http://www.securitylab.net/research/
Overview:
The MultiVOIP voice over IP gateway provides toll-free voice and fax communications over the Internet or Intranet. Occasionally MultiTech develops and licenses their VoIP Gateways and […]
Published November 16th, 2006
in Research.
By Ejovi Nuwere
Our Presentation VON Fall 2005 on Fundamental VoIP vulnerabilities (PDF)
Published November 16th, 2006
in Research.
BLACKHAT BRIEFINGS 2005
By Ejovi Nuwere & Mikko Varpiola
Presentation file (PDF) from our presentation at Blackhat.
Published November 16th, 2006
in Research.
Example PDU’s from our Blackhat talk.
BlackHat Briefings USA 2005 - The Art of SIP Fuzzing and vulnerabilities found in VoIP.
Example test cases for applying different types of anomalies to SIP
messages. Use at your own risk. In many ways these messages are
similar to those presented in SIP torture tests draft. These test
cases are released to be […]
Published November 16th, 2006
in Research.
Advisory Name: Ethereal 0.10.10 SIP Dissector Overflow
Release Date: 05/07/05
Application: Ethereal 0.10.10 and Prior
Platform: Multiple
Severity: A remote attacker can execute arbitrary commands
Author: Ejovi Nuwere
Vendor Status: Vendor has published patch
Reference: http://www.securitylab.net/ethereal-0-10-10.txt
Overview:
Ethereal is a popular open source network sniffer. It has the ability to inspect and dissect more then 600 protocols. Ethereal is used by network professionals around […]
