Tags › Memory Corruption
VoIPmonitor: static builds lack memory corruption protections
Published on Mar 15, 2021 in voipmonitor, buffer overflow, denial of service, memory corruption, security advisory
- Fixed versions: N/A
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2021-04-voipmonitor-staticbuild-memory-corruption-protection/
- VoIPmonitor Security Advisory: none
- Tested vulnerable versions: 27.5
- Timeline:
- Report date: 2021-02-10 & 2021-02-13
- Enable Security advisory: 2021-03-15
Description
The binaries available for download at https://www.voipmonitor.org/download are built without any memory corruption protection in place. The following is output from the tool hardening-check:
hardening-check voipmonitor:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: unknown, no protectable libc functions used
Read-only relocations: no, not found!
Immediate binding: no, not found!
Stack clash protection: unknown, no -fstack-clash-protection instructions found
Control flow integrity: unknown, no -fcf-protection instructions found!
When stack protection together with Fortify Source and other protection mechanisms are in place, exploitation of memory corruption vulnerabilities normally results in a program crash instead of leading to remote code execution. Most modern compilation systems create executable binaries with these features built-in by default. When these features are not used, attackers may easily exploit memory corruption vulnerabilities, such as buffer overflows, to run arbitrary code. In this advisory we will demonstrate how a buffer overflow reported in a separate advisory, could be abused to run arbitrary code because of the lack of standard memory corruption protection in the static build releases of VoIPmonitor.
…
VoIPmonitor: buffer overflow in live sniffer
Published on Mar 15, 2021 in CVE-2021-1000005, voipmonitor, buffer overflow, denial of service, memory corruption, security advisory
- Fixed versions: 27.6
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2021-03-voipmonitor-livesniffer-buffer-overflow/
- VoIPmonitor Security Advisory: none, changelog references fixes at https://www.voipmonitor.org/changelog-sniffer
- Tested vulnerable versions: 27.5
- References: CVE-2021-1000005
- Timeline:
- Report date: 2021-02-10
- Triaged: 2021-02-12
- Fix provided for testing: 2021-02-15
- VoIPmonitor release with fix: 2021-02-15
- Enable Security advisory: 2021-03-15
Description
A buffer overflow was identified in the VoIPmonitor live sniffer feature. The description variable in the function save_packet_sql is defined as a fixed length array of 1024 characters. The description is set to the value of a SIP request or response line. By setting a long request or response line VoIPmonitor will trigger a buffer overflow. The affected code is: