Intrusion Prevention

Iaxclient.Truncated.IAX.Frames.Overflow

Description

Indicates a possible attempt to exploit one of multiple buffer overflow vulnerabilities in the IAXClient library. The library fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers. An attacker can leverage this vulnerability to execute arbitrary code against the system.
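The kind of bounds check the description refers to, shown as an added example (not IAXClient's code and not part of the original advisory). The function name `iax_payload_checked` is hypothetical; the 12-octet full-frame and 4-octet mini-frame header sizes are taken from the IAX2 specification (RFC 5456), and meta frames are simply rejected.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IAX_FULL_HDR 12u  /* IAX2 full-frame header size (RFC 5456) */
#define IAX_MINI_HDR 4u   /* IAX2 mini-frame header size (RFC 5456) */

/* Hypothetical helper: copy the payload of a received IAX2 datagram into
 * out[] only after every length has been validated.
 * Returns the payload length, or -1 if the frame is rejected. */
long iax_payload_checked(const uint8_t *pkt, size_t pkt_len,
                         uint8_t *out, size_t out_cap)
{
    if (pkt == NULL || out == NULL || pkt_len < 2)
        return -1;                    /* too short to classify the frame */

    int full = (pkt[0] & 0x80) != 0;  /* F bit set: full frame */
    if (!full && (pkt[0] & 0x7f) == 0 && pkt[1] == 0)
        return -1;                    /* meta frame: not handled here */

    size_t hdr = full ? IAX_FULL_HDR : IAX_MINI_HDR;

    /* Truncated frame: reject and stop processing. Subtracting first
     * would wrap (unsigned) or go negative (signed) and end up as an
     * oversized copy length. */
    if (pkt_len < hdr)
        return -1;

    size_t payload = pkt_len - hdr;   /* safe: pkt_len >= hdr */
    if (payload > out_cap)
        return -1;                    /* would overflow the destination */

    if (payload > 0)
        memcpy(out, pkt + hdr, payload);
    return (long)payload;
}

int main(void)
{
    /* Constructed sample: full-frame marker followed by only 3 more octets. */
    const uint8_t truncated[4] = { 0x80, 0x01, 0x00, 0x00 };
    uint8_t out[64];
    long n = iax_payload_checked(truncated, sizeof truncated, out, sizeof out);
    printf("truncated full frame -> %ld\n", n);
    return 0;
}
```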

Affected Products

LoudHush LoudHush 1.3.6
Kiax Kiax 0.8.5
IaxComm IaxComm 1.0
IAXClient IAXClient 0
Gentoo Linux
asterisKGuru IDEFISK Softphone

Impact

System compromise
Execution of arbitrary code

Recommended Actions

The vendors have released updated versions of the affected software. Please see the reference section.
Upgrade to LoudHush LoudHush version 1.3.7.
Protect your network by using multiple layers of security.
Perform all non-administrative tasks as an unprivileged user with minimal access rights. This could help limit the impact of latent vulnerabilities in applications.
Run services with the least amount of privileges required.

CVE References

CVE-2006-2923

Other References

1