In association with heise online

10 October 2007, 08:05

Security vulnerability in open source library for IP telephony


The Open Phone Abstraction Library (opal) contains a vulnerability that could be exploited with manipulated 'Content-Length' header fields in SIP packets to crash SIP applications. Opal is a protocol library that, in addition to SIP, also supports H.323 and video conferencing standards. The free open source VoIP softphone Ekiga is one of the applications that use the library. The flaw was fixed in opal's CVS back in August, but so far Red Hat is the only Linux distributor to have published updated opal packages. Version 2.0.10 of Ekiga, which has been available since late September, was released to address this issue.
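As an added illustration (not opal's code or its fix; the article does not say what form the manipulated value took), the following C sketch shows the kind of strict 'Content-Length' validation a SIP receiver can apply before trusting the field. The names `cl_status`, `parse_len`, `check_sip_datagram` and the `max_body` limit are hypothetical, and the code assumes one SIP message per datagram and a POSIX `strncasecmp`.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>

/* Hypothetical result codes for this example. */
enum cl_status { CL_OK, CL_MISSING, CL_MALFORMED, CL_TOO_LARGE, CL_MISMATCH };

/* Strict decimal parse: no sign, no empty value, no trailing junk, capped at max. */
static enum cl_status parse_len(const char *v, size_t n, size_t max, size_t *out)
{
    size_t i = 0, val = 0;
    while (i < n && (v[i] == ' ' || v[i] == '\t')) i++;
    if (i == n || !isdigit((unsigned char)v[i])) return CL_MALFORMED;
    for (; i < n && isdigit((unsigned char)v[i]); i++) {
        size_t d = (size_t)(v[i] - '0');
        if (d > max || val > (max - d) / 10) return CL_TOO_LARGE; /* no wraparound */
        val = val * 10 + d;
    }
    while (i < n && (v[i] == ' ' || v[i] == '\t')) i++;
    if (i != n) return CL_MALFORMED;
    *out = val;
    return CL_OK;
}

/* Check one SIP datagram of len bytes; declared bodies above max_body are refused. */
enum cl_status check_sip_datagram(const char *msg, size_t len, size_t max_body)
{
    size_t pos = 0, declared = 0, seen = 0;
    while (pos < len) {
        size_t eol = pos, n, name = 0;
        while (eol + 1 < len && !(msg[eol] == '\r' && msg[eol + 1] == '\n')) eol++;
        if (eol + 1 >= len) return CL_MALFORMED;       /* line without CRLF */
        n = eol - pos;
        if (n == 0) {                                  /* blank line ends the headers */
            if (!seen) return CL_MISSING;
            return declared > len - (pos + 2) ? CL_MISMATCH : CL_OK;
        }
        if (n >= 15 && !strncasecmp(msg + pos, "Content-Length:", 15)) name = 15;
        else if (n >= 2 && !strncasecmp(msg + pos, "l:", 2)) name = 2; /* compact form */
        if (name) {
            enum cl_status s = seen ? CL_MALFORMED     /* duplicate header */
                : parse_len(msg + pos + name, n - name, max_body, &declared);
            if (s != CL_OK) return s;
            seen = 1;
        }
        pos = eol + 2;
    }
    return CL_MALFORMED;                               /* headers never terminated */
}
```

Every non-`CL_OK` result is a reason to drop or reject the message before any buffer is sized or copied from the declared length.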
