In association with heise online

26 November 2007, 12:11

Update for Ingate Firewall and SIParator

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Vendor Ingate has released firmware version 4.6.0 of its firewall and the SIParator SIP gateway to resolve several vulnerabilities in previous versions. Among the security-related bugs is a buffer overflow in the libsrtp library used for VoIP, about which the vendor has not released any details. Kernel panics can be caused by processing specially crafted SRTP packets containing an oversized RTCP index, as well as by IKE packets without PFS in the second phase of IPSec connectivity.

In addition, a NAT traversal implementation flaw may cause the SIP component to send messages to the wrong user. Some passwords may have been stored in plain text and certain ICMP packets were able to sneak past the firewall undetected. The developers have also fixed numerous other flaws and introduced several improvements. The vendor recommends that everybody update soon.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit