CVE-2006-2923 - Vulnerability Details - OpenCVE

The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Loudhush	Loudhush

Configuration 1 [-]

cpe:2.3:a:loudhush:loudhush:1.3.6:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://iaxclient.sourceforge.net/iaxcomm/
http://secunia.com/advisories/20466
http://secunia.com/advisories/20560
http://secunia.com/advisories/20567
http://secunia.com/advisories/20623
http://secunia.com/advisories/20900
http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960
http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10
http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml
http://www.loudhush.ro/changelog.txt
http://www.securityfocus.com/archive/1/436638/100/0/threaded
http://www.securityfocus.com/bid/18307
http://www.vupen.com/english/advisories/2006/2180
http://www.vupen.com/english/advisories/2006/2284
http://www.vupen.com/english/advisories/2006/2285
http://www.vupen.com/english/advisories/2006/2286
https://exchange.xforce.ibmcloud.com/vulnerabilities/27047

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-09T10:00:00

Updated: 2024-08-07T18:06:27.221Z

Reserved: 2006-06-09T00:00:00

Link: CVE-2006-2923

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-06-09T10:02:00.000

Modified: 2024-11-21T00:12:24.713

Link: CVE-2006-2923

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-2286", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2286"}, {"name": "ADV-2006-2285", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2285"}, {"name": "iaxclient-truncated-frame-bo(27047)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27047"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.loudhush.ro/changelog.txt"}, {"name": "20567", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20567"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://iaxclient.sourceforge.net/iaxcomm/"}, {"name": "20900", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20900"}, {"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10"}, {"name": "ADV-2006-2180", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2180"}, {"name": "20623", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20623"}, {"name": "20466", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20466"}, {"name": "18307", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18307"}, {"name": "ADV-2006-2284", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2284"}, {"name": "20060609 CORE-2006-0327: IAXclient truncated frames vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/436638/100/0/threaded"}, {"name": "GLSA-200606-30", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960"}, {"name": "20560", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20560"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2923", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-2286", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2286"}, {"name": "ADV-2006-2285", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2285"}, {"name": "iaxclient-truncated-frame-bo(27047)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27047"}, {"name": "http://www.loudhush.ro/changelog.txt", "refsource": "CONFIRM", "url": "http://www.loudhush.ro/changelog.txt"}, {"name": "20567", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20567"}, {"name": "http://iaxclient.sourceforge.net/iaxcomm/", "refsource": "CONFIRM", "url": "http://iaxclient.sourceforge.net/iaxcomm/"}, {"name": "20900", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20900"}, {"name": "http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10", "refsource": "MISC", "url": "http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10"}, {"name": "ADV-2006-2180", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2180"}, {"name": "20623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20623"}, {"name": "20466", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20466"}, {"name": "18307", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18307"}, {"name": "ADV-2006-2284", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2284"}, {"name": "20060609 CORE-2006-0327: IAXclient truncated frames vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/436638/100/0/threaded"}, {"name": "GLSA-200606-30", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960"}, {"name": "20560", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20560"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:06:27.221Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-2286", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2286"}, {"name": "ADV-2006-2285", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2285"}, {"name": "iaxclient-truncated-frame-bo(27047)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27047"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.loudhush.ro/changelog.txt"}, {"name": "20567", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20567"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://iaxclient.sourceforge.net/iaxcomm/"}, {"name": "20900", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20900"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10"}, {"name": "ADV-2006-2180", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2180"}, {"name": "20623", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20623"}, {"name": "20466", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20466"}, {"name": "18307", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18307"}, {"name": "ADV-2006-2284", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2284"}, {"name": "20060609 CORE-2006-0327: IAXclient truncated frames vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/436638/100/0/threaded"}, {"name": "GLSA-200606-30", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960"}, {"name": "20560", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20560"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2923", "datePublished": "2006-06-09T10:00:00", "dateReserved": "2006-06-09T00:00:00", "dateUpdated": "2024-08-07T18:06:27.221Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:loudhush:loudhush:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "D16B7697-4C22-4C41-8BB5-7F532BF089C9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values."}], "id": "CVE-2006-2923", "lastModified": "2024-11-21T00:12:24.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-09T10:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://iaxclient.sourceforge.net/iaxcomm/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20466"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20560"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20567"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20623"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20900"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960"}, {"source": "cve@mitre.org", "url": "http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml"}, {"source": "cve@mitre.org", "url": "http://www.loudhush.ro/changelog.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/436638/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/18307"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2180"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2284"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2285"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2286"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27047"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://iaxclient.sourceforge.net/iaxcomm/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20466"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20567"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20623"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20900"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.loudhush.ro/changelog.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/436638/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/18307"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2284"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2285"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2286"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27047"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}