CVE-2006-0365

Current Description

Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call.

Basic Data

PublishedJanuary 22, 2006
Last ModifiedOctober 19, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegetrue
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCounterpathEyebeam Sip Softphone********

Vulnerable Software List

VendorProductVersions
Counterpath Eyebeam Sip Softphone *

References

NameSourceURLTags
http://blog.donews.com/zwell/archive/2006/01/17/698810.aspxhttp://blog.donews.com/zwell/archive/2006/01/17/698810.aspxMISC
18516http://secunia.com/advisories/18516SECUNIAVendor Advisory
354http://securityreason.com/securityalert/354SREASON
20060116 CounterPath eyeBeam Handing SIP header Vulnerabilitieshttp://www.securityfocus.com/archive/1/422009/100/0/threadedBUGTRAQ
20060921 Re: CounterPath eyeBeam Handing SIP header Vulnerabilitieshttp://www.securityfocus.com/archive/1/446573/100/0/threadedBUGTRAQ
16253http://www.securityfocus.com/bid/16253BID
ADV-2006-0259http://www.vupen.com/english/advisories/2006/0259VUPEN
eyebeam-sip-header-bo(24181)https://exchange.xforce.ibmcloud.com/vulnerabilities/24181XF