Re: SMS handling OpenSER remote code executing

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: SMS handling OpenSER remote code executing
From: bogdan@xxxxxxxxxxxxxxx
Date: 4 Jan 2007 15:34:54 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Thanks for report. I just applied an fix for both the latest stable version 
(1.1.0) and the development version (1.2.0).

Not sure if code injection is possible as the maximum overflow is of 5 bytes, 
guess not long enough to encode an instruction.

Regards,
Bogdan

Prev by Date: Re: OpenSER OSP Module remote code execution
Next by Date: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Previous by thread: SMS handling OpenSER remote code executing
Next by thread: [OpenPKG-SA-2006.044] OpenPKG Security Advisory (w3m)
Index(es):
- Date
- Thread