PT-2006-7473 · Openser · Openser

Published: 2006-12-31 · Updated: 2018-10-17 · CVE-2006-6876

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: OpenSER versions 1.2.0 and earlier
Description: A buffer overflow issue exists in the fetchsms function within the SMS handling module, specifically in the libsms getsms.c file. This issue allows remote attackers to cause a denial of service by crashing the system through a crafted SMS message. The crash occurs due to memory corruption when the "beginning" buffer is copied to the third argument, pdu.
Recommendations: For OpenSER versions 1.2.0 and earlier, as a temporary workaround, consider disabling the SMS handling module until a patch is available. Restrict access to the libsms getsms.c file to minimize the risk of exploitation. Avoid processing crafted SMS messages in the affected module until the issue is resolved.


Related identifiers

CVE-2006-6876

Affected products

Openser