11 Mar
2005
11 Mar
'05
6:46 p.m.
Hi all,
I just used the SIP-Version of Protos Test-Suite and realized a
vulnerability in xlog.so:
If you use xlog in ser.cfg and you inject the format string "%s%x%n" as
request-method than ser hangs up.
I use ser 0.8.14. The simulation tool is available at:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
regards,
Philipp