I initially sent this to the wrong bug trail.
Cheers,
Moritz
----- Forwarded message from Moritz Muehlenhoff <[EMAIL PROTECTED]> -----
Date: Wed, 28 Nov 2007 23:47:24 +0100
Subject: Re: CVE-2007-6103: remote DoS
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
Steffen Joeris wrote:
> CVE-2007-6103:
>
> I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a
> denial of service (infinite loop) via a packet that contains zero in the
> size field in its header, which is improperly handled by the
> Receiver::processPacket function; and (2) a denial of service (daemon
> crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does
> not specify the mode, which is improperly handled by the Player::ring
> function in Player.cpp.
>
> When you fix this, please mention the CVE id in your changelog.
> Thanks for your efforts.
I'm not convinced that this is more than a regular bug: ihu is
| Description: Qt VoIP softphone with an own, encrypted protocol
| IHU creates an audio stream between two computers easily and with the minimal
| traffic on the network.
Performing the "attack" described above is effectively a creative way to
hang up. We wouldn't call hanging up remote DoS either...
Cheers,
Moritz
----- End forwarded message -----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
