[VOIPSEC] Actual Attacks - UA handling

Mark Teicher mht3 at earthlink.net
Tue Mar 1 07:20:59 CST 2005

Previous message (by thread): [VOIPSEC] Actual Attacks
Next message (by thread): [VOIPSEC] Actual Attacks - UA handling
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just validating whether a VOIP's implementation allows for buffer overflow in a URI over a REGISTER request over UDP is possible.  
Most UA should not accept a malicious request over 255 characters as the username, but some of the major player implementations do, and no configuration option to restrict how many characters a UA should accept.

/cheers
/

Previous message (by thread): [VOIPSEC] Actual Attacks
Next message (by thread): [VOIPSEC] Actual Attacks - UA handling
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Voipsec mailing list