PT-2006-1057 · Iax+9 · Ziaxphone+8

Published: 2006-06-09 · Updated: 2018-10-18 · CVE-2006-2923

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: LoudHush 1.3.6; IDE FISK 1.35 and earlier; Kiax 0.8.5 and earlier; DIAX, Ziaxphone, IAX Phone, X-lite, MediaX and Extreme Networks ePhone (affected versions not specified); iaxComm versions prior to 1.2.0.
Description: The issue allows remote attackers to execute arbitrary code via crafted IAX2 packets whose full frames or mini-frames are truncated, i.e. shorter than the frame header itself, so that the computed payload length becomes negative and a buffer overflow follows. This can be exploited to compromise the confidentiality and integrity of protected information. The exploitation can be carried out remotely.
Recommendations: For LoudHush 1.3.6, consider disabling the iax net read function until a patch is available. For IDE FISK 1.35 and earlier, restrict access to the IAX2 protocol to minimize the risk of exploitation. For Kiax 0.8.5 and earlier, avoid using the IAX2 protocol with truncated frames until the issue is resolved. For DIAX, Ziaxphone, IAX Phone, X-lite, MediaX and Extreme Networks ePhone, there is at the moment no information about a newer version that contains a fix for this vulnerability. For iaxComm versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue.
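The description above names the root cause: a datagram shorter than its IAX2 frame header yields a negative payload length. The following C code is an added illustration for this record, not code from any of the listed clients; it assumes only the public IAX2 wire format (a 12-byte full-frame header flagged by the high bit of the first byte, otherwise a 4-byte mini-frame header) and shows the unchecked length arithmetic beside a parser that rejects a truncated frame before any subtraction takes place. The sample datagrams are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IAX2_FULL_HDR 12   /* src call, dst call, 32-bit ts, oseq, iseq, type, subclass */
#define IAX2_MINI_HDR 4    /* src call, 16-bit ts */

typedef struct {
    int is_full;
    uint16_t src_call, dst_call;
    uint32_t timestamp;
    uint8_t frametype, subclass;
    size_t payload_len;
} iax2_frame_t;

/* The defect pattern (constructed illustration): a signed length minus the header
 * size goes negative for a truncated datagram and is then used as a copy length. */
int iax2_payload_len_unchecked(int pkt_len, int is_full)
{
    return pkt_len - (is_full ? IAX2_FULL_HDR : IAX2_MINI_HDR);
}

/* Hardened parse: returns 0 and fills *out on success, -1 if the datagram is
 * shorter than the header its first byte announces. Lengths stay unsigned. */
int iax2_parse(const uint8_t *pkt, size_t len, iax2_frame_t *out)
{
    if (len < 2)
        return -1;                           /* not even the call-number word */
    int is_full = (pkt[0] & 0x80) != 0;      /* F bit selects full vs mini frame */
    size_t hdr = is_full ? IAX2_FULL_HDR : IAX2_MINI_HDR;
    if (len < hdr)
        return -1;                           /* reject before len - hdr is computed */

    memset(out, 0, sizeof *out);
    out->is_full = is_full;
    out->src_call = (uint16_t)(((pkt[0] & 0x7f) << 8) | pkt[1]);
    if (is_full) {
        out->dst_call = (uint16_t)(((pkt[2] & 0x7f) << 8) | pkt[3]);
        out->timestamp = ((uint32_t)pkt[4] << 24) | ((uint32_t)pkt[5] << 16) |
                         ((uint32_t)pkt[6] << 8) | pkt[7];
        out->frametype = pkt[10];
        out->subclass = pkt[11] & 0x7f;      /* C bit stripped */
    } else {
        out->timestamp = ((uint32_t)pkt[2] << 8) | pkt[3];
    }
    out->payload_len = len - hdr;            /* cannot underflow after the check */
    return 0;
}

/* Constructed sample datagrams wrapped in functions so each result is checkable. */
int sample_truncated_full_rejected(void)
{
    static const uint8_t pkt[8] = {0x80, 0x01, 0x00, 0x02, 0, 0, 0, 100}; /* F=1, 8 bytes */
    iax2_frame_t f;
    return iax2_parse(pkt, sizeof pkt, &f) == -1;
}

int sample_truncated_mini_rejected(void)
{
    static const uint8_t pkt[3] = {0x00, 0x01, 0x00};                    /* F=0, 3 bytes */
    iax2_frame_t f;
    return iax2_parse(pkt, sizeof pkt, &f) == -1;
}

long sample_valid_full_payload(void)
{
    static const uint8_t pkt[16] = {0x80, 0x01, 0x00, 0x02, 0, 0, 0, 100,
                                    0, 0, 0x02, 0x03, 'd', 'a', 't', 'a'};
    iax2_frame_t f;
    if (iax2_parse(pkt, sizeof pkt, &f) != 0 || f.frametype != 0x02)
        return -1;
    return (long)f.payload_len;              /* 16 - 12 = 4 */
}

long sample_valid_mini_payload(void)
{
    static const uint8_t pkt[6] = {0x00, 0x01, 0x00, 0x64, 0xAA, 0xBB};
    iax2_frame_t f;
    if (iax2_parse(pkt, sizeof pkt, &f) != 0 || f.timestamp != 100)
        return -1;
    return (long)f.payload_len;              /* 6 - 4 = 2 */
}

int main(void)
{
    printf("unchecked length for 8-byte full frame: %d\n", iax2_payload_len_unchecked(8, 1));
    printf("truncated full rejected: %d, truncated mini rejected: %d\n",
           sample_truncated_full_rejected(), sample_truncated_mini_rejected());
    printf("valid full payload: %ld, valid mini payload: %ld\n",
           sample_valid_full_payload(), sample_valid_mini_payload());
    return 0;
}
```

The point of the ordering in iax2_parse is that the header-length comparison happens on the raw datagram size, before the header is decoded or any payload length is derived; a receiver that subtracts first and checks the sign afterwards (or never checks) is the pattern this advisory describes.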

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2015-09516
CVE-2006-2923

Affected Products

Diax
Extreme Networks Ephone
Ziaxphone
Ide Fisk
Kiax
Loudhush
Mediax
X-Lite
Iaxcomm