It should be fixed in the latest CVS version of the 0.8.14 branch as well as in the newer versions.
Ramona
Alexander Philipp Lintenhofer wrote:
Hi all,
I just used the SIP-Version of Protos Test-Suite and realized a vulnerability in xlog.so: If you use xlog in ser.cfg and you inject the format string "%s%x%n" as request-method then ser hangs up. I use ser 0.8.14. The simulation tool is available at: http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
regards, Philipp
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
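An added example, not part of the original thread and not SER or xlog code: a sketch of the general defence against this class of bug, where an untrusted request method reaches a logging call, using the method string from the report as constructed input. The thread does not state the root cause inside xlog.so, so the functions `sip_method`, `log_method` and `count_percent` are hypothetical and only illustrate keeping untrusted text out of the format argument.

```c
#include <stdio.h>
#include <string.h>

/* Copy the method (first token of a SIP request line) into out.
 * Returns 0 on success, -1 if there is no method or it does not fit. */
int sip_method(const char *request_line, char *out, size_t outlen)
{
    size_t n = strcspn(request_line, " \t\r\n");
    if (n == 0 || n >= outlen)
        return -1;
    memcpy(out, request_line, n);
    out[n] = '\0';
    return 0;
}

/* Hardened logging: the format is a constant and the untrusted method is
 * only ever an argument, so '%' sequences in it are copied, not interpreted.
 * The unsafe pattern would be snprintf(out, outlen, method). */
int log_method(char *out, size_t outlen, const char *method)
{
    return snprintf(out, outlen, "request method: %s", method);
}

/* Detection helper: count '%' characters in an untrusted field so the
 * request can be flagged in monitoring. "%" is legal in a SIP token, so
 * this is a signal for alerting, not a reason to reject the request. */
int count_percent(const char *s)
{
    int n = 0;
    for (; *s; s++)
        if (*s == '%')
            n++;
    return n;
}

int main(void)
{
    /* Constructed request line using the method string from the report. */
    const char *line = "%s%x%n sip:user@example.invalid SIP/2.0";
    char method[32], entry[64];

    if (sip_method(line, method, sizeof method) != 0)
        return 1;
    log_method(entry, sizeof entry, method);
    printf("%s (percent signs: %d)\n", entry, count_percent(method));
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC or Clang) flags calls where a non-literal string is passed as the format argument.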