7/1/24, 8:59 AM
The Wayback Machine - https://web.archive.org/web/20140729171850/http://cvedetails.com/cve/CVE-2006-2923/

Vulnerability Details : CVE-2006-2923

The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.

Publish Date : 2006-06-09 Last Update Date : 2011-03-28

- CVSS Scores & Vulnerability Types

CVSS Score : 6.4
Confidentiality Impact : Partial (There is considerable informational disclosure.)
Integrity Impact : Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact : None (There is no impact to the availability of the system.)
Access Complexity : Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication : Not required (Authentication is not required to exploit the vulnerability.)
Gained Access : None
Vulnerability Type(s) : Execute Code Overflow
CWE ID : 119

- Products Affected By CVE-2006-2923

# | Product Type | Vendor | Product | Version | Update | Edition | Language
1 | Application | Loudhush | Loudhush | 1.3.6 | | |

- Number Of Affected Versions By Product

Vendor | Product | Vulnerable Versions
Loudhush | Loudhush | 1

- References For CVE-2006-2923

http://iaxclient.sourceforge.net/iaxcomm/ CONFIRM
http://secunia.com/advisories/20560 SECUNIA 20560
http://secunia.com/advisories/20567 SECUNIA 20567
http://secunia.com/advisories/20623 SECUNIA 20623
http://secunia.com/advisories/20900 SECUNIA 20900
http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960 CONFIRM

WIZ, Inc. EXHIBIT - 1090
WIZ, Inc. v. Orca Security LTD.

http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml GENTOO GLSA-200606-30
http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10
http://www.vupen.com/english/advisories/2006/2286 VUPEN ADV-2006-2286
http://www.vupen.com/english/advisories/2006/2285 VUPEN ADV-2006-2285
http://www.vupen.com/english/advisories/2006/2284 VUPEN ADV-2006-2284
http://www.vupen.com/english/advisories/2006/2180 VUPEN ADV-2006-2180
http://www.securityfocus.com/archive/1/archive/1/436638/100/0/threaded BUGTRAQ 20060609 CORE-2006-0327: IAXclient truncated frames vulnerabilities
http://www.loudhush.ro/changelog.txt CONFIRM
http://xforce.iss.net/xforce/xfdb/27047 XF iaxclient-truncated-frame-bo(27047)
http://secunia.com/advisories/20466 SECUNIA 20466
http://www.securityfocus.com/bid/18307 BID 18307 IAXClient Multiple Truncated IAX Frames Remote Buffer Overflow Vulnerabilities Release Date:2006-06-30

- Metasploit Modules Related To CVE-2006-2923

There are not any Metasploit modules related to this vulnerability. (Please visit www.metasploit.com for more information.)