VID 29040
Severity 40
Port 161
Protocol UDP
Class CISCO
Detailed Description Cisco IOS has a denial-of-service vulnerability (Cisco Bug IDs CSCdz39284 and CSCdz41124) via malformed SIP packets.
The Oulu University Secure Programming Group has reported numerous vulnerabilities in Session Initiation Protocol (SIP) implementations. These issues may be exploited to cause a denial of service in devices that implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances.

SIP is the Internet Engineering Task Force (IETF) standard for multimedia conferencing over IP. SIP is an ASCII-based, application-layer control protocol (defined in RFCs 2543 and 3261) that can be used to establish, maintain, and terminate calls between two or more endpoints.

Devices running Cisco IOS versions in the 12.2T train or any 12.2 'X' train may reset due to improper handling of SIP fields. These vulnerabilities are documented as Cisco Bug IDs CSCdz39284 and CSCdz41124. In order to be vulnerable to CSCdz39284, the device must be running a vulnerable version of IOS and be configured as a SIP gateway. However, any device running a vulnerable version of Cisco IOS that is configured to perform NAT is vulnerable to CSCdz41124 when SIP is using UDP as its transport.

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so it may produce a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor.
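
The version-only triage that the note describes can be sketched as follows. This is an added example, not the scanner's own check logic; the function name, the result labels, the sample sysDescr strings and the reading of "and later" are assumptions. A "candidate" result still has to be confirmed against the device configuration (SIP gateway or NAT) and the Cisco advisory, which is why a version match alone can be a false positive.

```python
import re

# Fixed 12.2T releases named on the page: 12.2(11)T3 and 12.2(13)T1.
# Assumption: a higher rebuild on the same maintenance number, or any later
# maintenance release, also carries the fix ("and later").
FIXED_T = {11: 3, 13: 1}

# Matches e.g. "Version 12.2(11)T2" inside an SNMP sysDescr value.
VERSION_RE = re.compile(r"Version (\d+)\.(\d+)\((\d+)[a-z]?\)([A-Z]*)(\d*)")

def triage(sys_descr):
    """Classify a sysDescr string as candidate, fixed, not-listed or unparsed."""
    m = VERSION_RE.search(sys_descr)
    if not m:
        return "unparsed"
    major, minor, maint = int(m.group(1)), int(m.group(2)), int(m.group(3))
    train, rebuild = m.group(4), int(m.group(5) or 0)
    if (major, minor) != (12, 2):
        return "not-listed"          # page lists only 12.2T and 12.2X
    if train.startswith("X"):
        # The page names no fixed 12.2X rebuilds, so every one is a candidate.
        return "candidate"
    if train != "T":
        return "not-listed"          # e.g. 12.2 mainline
    if maint > max(FIXED_T):
        return "fixed"
    needed = FIXED_T.get(maint)
    if needed is not None and rebuild >= needed:
        return "fixed"
    return "candidate"

# Constructed sample sysDescr values, not captured from real devices.
SAMPLES = [
    "IOS (tm) C2600 Software (C2600-IS-M), Version 12.2(11)T2, RELEASE SOFTWARE",
    "IOS (tm) C3640 Software (C3640-IS-M), Version 12.2(13)T1, RELEASE SOFTWARE",
    "IOS (tm) C1700 Software (C1700-Y-M), Version 12.2(4)XL, EARLY DEPLOYMENT",
    "IOS (tm) C2500 Software (C2500-I-L), Version 12.1(5), RELEASE SOFTWARE",
]

if __name__ == "__main__":
    for descr in SAMPLES:
        print(triage(descr), "<-", descr)
```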

* References:
http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml
http://www.cert.org/advisories/CA-2003-06.html
http://www.kb.cert.org/vuls/id/528719
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
http://www.securitytracker.com/alerts/2003/Feb/1006167.html

* Platforms Affected:
Cisco IOS 12.2T
Cisco IOS 12.2X
Recommendation Upgrade to the latest version of Cisco IOS (12.2(11)T3 or 12.2(13)T1 and later), as listed in Cisco Security Advisory, http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml
Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/tacpage/sw-center/ .

As a workaround, unless NAT for the SIP protocol is required, devices running vulnerable versions of Cisco IOS which are configured to perform general NAT services may simply implement ingress access lists to prevent the possible translation of the SIP traffic by blocking UDP traffic with source or destination ports of 5060.
Related URL (CVE)
Related URL 6904 (SecurityFocus)
Related URL 11379 (ISS)