Ubuntu Local Security Checks : Ubuntu USN-562-1 (opal)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.60114

Category: Ubuntu Local Security Checks

Title: Ubuntu USN-562-1 (opal)

Summary: Ubuntu USN-562-1 (opal)

Description:
The remote host is missing an update to opal
announced via advisory USN-562-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Jose Miguel Esparza discovered that certain SIP headers were not correctly
validated. A remote attacker could send a specially crafted packet to
an application linked against opal (e.g. Ekiga) causing it to crash, leading
to a denial of service.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libopal-2.2.0 2.2.1-1ubuntu1.1

Ubuntu 6.10:
libopal-2.2.0 2.2.3.dfsg-0ubuntu2.1

Ubuntu 7.04:
libopal-2.2.0 2.2.3.dfsg-2ubuntu2.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-562-1

Risk factor : Medium

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-4924
Bugtraq: 20071011 S21SEC-037-en: OPAL SIP Protocol Remote Denial of Service (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482120/30/4500/threaded
http://www.milw0rm.com/exploits/9240
http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html
http://www.s21sec.com/avisos/s21sec-037-en.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:205
http://www.redhat.com/support/errata/RHSA-2007-0957.html
SuSE Security Announcement: SUSE-SR:2007:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://www.ubuntu.com/usn/usn-562-1
BugTraq ID: 25955
http://www.securityfocus.com/bid/25955
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11398
http://www.vupen.com/english/advisories/2007/3413
http://www.vupen.com/english/advisories/2007/3414
http://osvdb.org/41637
http://www.securitytracker.com/id?1018776
http://secunia.com/advisories/27118
http://secunia.com/advisories/27128
http://secunia.com/advisories/27129
http://secunia.com/advisories/27271
http://secunia.com/advisories/27524
http://secunia.com/advisories/28380

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.60114
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-562-1 (opal)
Summary:	Ubuntu USN-562-1 (opal)
Description:	The remote host is missing an update to opal announced via advisory USN-562-1. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal (e.g. Ekiga) causing it to crash, leading to a denial of service. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libopal-2.2.0 2.2.1-1ubuntu1.1 Ubuntu 6.10: libopal-2.2.0 2.2.3.dfsg-0ubuntu2.1 Ubuntu 7.04: libopal-2.2.0 2.2.3.dfsg-2ubuntu2.1 After a standard system upgrade you need to restart your session to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-562-1 Risk factor : Medium
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4924 Bugtraq: 20071011 S21SEC-037-en: OPAL SIP Protocol Remote Denial of Service (Google Search) http://www.securityfocus.com/archive/1/archive/1/482120/30/4500/threaded http://www.milw0rm.com/exploits/9240 http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html http://www.s21sec.com/avisos/s21sec-037-en.txt http://www.mandriva.com/security/advisories?name=MDKSA-2007:205 http://www.redhat.com/support/errata/RHSA-2007-0957.html SuSE Security Announcement: SUSE-SR:2007:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://www.ubuntu.com/usn/usn-562-1 BugTraq ID: 25955 http://www.securityfocus.com/bid/25955 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11398 http://www.vupen.com/english/advisories/2007/3413 http://www.vupen.com/english/advisories/2007/3414 http://osvdb.org/41637 http://www.securitytracker.com/id?1018776 http://secunia.com/advisories/27118 http://secunia.com/advisories/27128 http://secunia.com/advisories/27129 http://secunia.com/advisories/27271 http://secunia.com/advisories/27524 http://secunia.com/advisories/28380
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com