VoIPmonitor: static builds lack memory corruption protections
Published on Mar 15, 2021 in voipmonitor, buffer overflow, denial of service, memory corruption, security advisory
- Fixed versions: N/A
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2021-04-voipmonitor-staticbuild-memory-corruption-protection/
- VoIPmonitor Security Advisory: none
- Tested vulnerable versions: 27.5
- Timeline:
  - Report date: 2021-02-10 & 2021-02-13
  - Enable Security advisory: 2021-03-15
Description
The binaries available for download at https://www.voipmonitor.org/download are built without any memory corruption protection in place. The following is output from the tool hardening-check:
    hardening-check voipmonitor:
     Position Independent Executable: no, normal executable!
     Stack protected: no, not found!
     Fortify Source functions: unknown, no protectable libc functions used
     Read-only relocations: no, not found!
     Immediate binding: no, not found!
     Stack clash protection: unknown, no -fstack-clash-protection instructions found
     Control flow integrity: unknown, no -fcf-protection instructions found!
When stack protection, Fortify Source and the other protection mechanisms listed above are in place, exploitation of a memory corruption vulnerability normally results in a program crash rather than remote code execution. Most modern build toolchains enable these features by default. When they are absent, attackers may easily exploit memory corruption vulnerabilities, such as buffer overflows, to run arbitrary code. In this advisory we demonstrate how a buffer overflow reported in a separate advisory could be abused to run arbitrary code because the static build releases of VoIPmonitor lack these standard memory corruption protections.
…
VoIPmonitor: cross-site scripting via SIP messages
Published on Mar 15, 2021 in CVE-2021-1000004, voipmonitor, cross-site scripting, security advisory
- Fixed versions: VoIPmonitor WEB GUI 24.56
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2021-02-voipmonitor-gui-xss/
- VoIPmonitor Security Advisory: none, changelog references fixes at https://www.voipmonitor.org/changelog-gui?major=5
- Tested vulnerable versions: 24.53, 24.54, 24.55
- References: CVE-2021-1000004
- Timeline:
  - Report date: 2021-02-10
  - Triaged: 2021-02-12
  - First fixes available: 2021-02-15
  - Fixes to actually address XSS: 2021-02-22
  - VoIPmonitor release with fix: 2021-02-22
  - Enable Security advisory: 2021-03-15
Description
Multiple Cross-Site Scripting vulnerabilities were observed in the VoIPmonitor WEB GUI. These vulnerabilities can be exploited by sending SIP messages towards hosts monitored by VoIPmonitor. During our tests, the following areas were affected:
…
VoIPmonitor: buffer overflow in live sniffer
Published on Mar 15, 2021 in CVE-2021-1000005, voipmonitor, buffer overflow, denial of service, memory corruption, security advisory
- Fixed versions: 27.6
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2021-03-voipmonitor-livesniffer-buffer-overflow/
- VoIPmonitor Security Advisory: none, changelog references fixes at https://www.voipmonitor.org/changelog-sniffer
- Tested vulnerable versions: 27.5
- References: CVE-2021-1000005
- Timeline:
  - Report date: 2021-02-10
  - Triaged: 2021-02-12
  - Fix provided for testing: 2021-02-15
  - VoIPmonitor release with fix: 2021-02-15
  - Enable Security advisory: 2021-03-15
Description
A buffer overflow was identified in the VoIPmonitor live sniffer feature. The description variable in the function save_packet_sql is defined as a fixed-length array of 1024 characters, and it is set to the value of a SIP request or response line. A request or response line longer than that buffer therefore causes VoIPmonitor to overflow it. The affected code is: