VID 29076
Severity 40
Port 5060
Protocol UDP
Class Protocol
Detailed Description
The SIP Express Router, according to its version number, has multiple denial-of-service vulnerabilities that can be triggered via SIP INVITE messages.
The Session Initiation Protocol (SIP) is a developing and newly deployed protocol that is commonly used in Voice over IP (VoIP), Internet telephony, instant messaging, and various other applications. SIP is a text-based protocol for initiating communication and data sessions between users. SIP Express Router (ser) is a high-performance, configurable, free SIP server.
SIP Express Router versions prior to 0.8.10 have multiple remote vulnerabilities caused by improper handling of SIP INVITE messages. These vulnerabilities were discovered using the PROTOS C07-SIP Test-Suite, developed by the Oulu University Secure Programming Group (OUSPG). Many vendor implementations are affected by these vulnerabilities, which may be exploited to cause a denial of service in devices that implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances.

* Note: This check relies solely on the version number reported by the remote SIP Express Router to assess this vulnerability, so the result might be a false positive.
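
Added example (not part of the original entry and not the scanner's own check): a version-only assessment of the kind the note describes, showing why the result is labelled "potentially" vulnerable. The banner format, the function names and the sample response are assumptions constructed for illustration; only the 0.8.10 threshold comes from this entry.

```python
import re

FIXED = (0, 8, 10)  # first fixed SER release, per this entry

# Assumed banner shape: "Server: Sip EXpress router (0.8.9 (i386/linux))"
BANNER_RE = re.compile(
    r"^(?:Server|User-Agent)\s*:\s*Sip EXpress router\s*\(\s*"
    r"(\d+(?:\.\d+)*)([^\s()]*)",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample response (documentation address, not captured traffic)
SAMPLE_OLD = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-1\r\n"
    "Server: Sip EXpress router (0.8.9 (i386/linux))\r\n"
    "Content-Length: 0\r\n\r\n"
)

def ser_version(sip_response):
    """Return ((major, minor, ...), suffix) from a SER banner, or None."""
    m = BANNER_RE.search(sip_response)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2)

def assess(sip_response):
    """Classify a response using the advertised version number only."""
    parsed = ser_version(sip_response)
    if parsed is None:
        return "unknown"  # banner absent or rewritten: nothing can be concluded
    version, suffix = parsed
    padded = version + (0,) * (len(FIXED) - len(version))
    if padded < FIXED:
        # Version evidence only: a build with the vendor patch applied
        # advertises the same number, hence the false-positive caveat.
        return "potentially-vulnerable"
    if padded == FIXED and suffix:
        return "review"  # e.g. a pre-release tag on the fixed version
    return "not-flagged"

if __name__ == "__main__":
    print(assess(SAMPLE_OLD))
```

A "potentially-vulnerable" result should be confirmed against the installed package or patch level before it is reported as a finding.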

* References:
http://www.kb.cert.org/vuls/id/528719
http://www.cert.org/advisories/CA-2003-06.html
http://www.securitytracker.com/alerts/2003/Feb/1006167.html
http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/

* Platforms Affected:
Cisco IP Phone Model 7940/7960 with SIP images prior to 4.2
Cisco IP Phone SIP Images P0S3-04-2-00 and later
Cisco Secure PIX Firewall 5.2(9), 6.0(4), 6.1(4), and 6.2(2) and later
Cisco IOS 12.2(11)T3 and 12.2(13)T1 include fixes
IPTel IPTel SIP Express Router (ser) 0.8.9 and prior
Nortel Networks Nortel Succession Communication Server 2000
Nortel Networks Nortel Succession Communication Server 2000 - Compact
Recommendation
As a workaround, ingress filtering of the following ports can prevent attackers outside of your network from accessing vulnerable devices in the local network that are not explicitly authorized to provide public SIP services:
sip 5060/udp # Session Initiation Protocol (SIP)
sip 5060/tcp # Session Initiation Protocol (SIP)
sip 5061/tcp # Session Initiation Protocol (SIP) over TLS

For Cisco IP Phone Model 7940/7960 with SIP images prior to 4.2:
For Cisco IP Phone SIP Images P0S3-04-2-00 and later:
For Cisco Secure PIX Firewall 5.2(9), 6.0(4), 6.1(4), and 6.2(2) and later:
For Cisco IOS 12.2(11)T3 and 12.2(13)T1 include fixes:
Upgrade to the latest version of Cisco Software, as listed in Cisco Security Advisory 2003 February 21 UTC 1700 at http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml

For IPTel SIP Express Router 0.8.9 and earlier:
Upgrade to the latest firmware versions (0.8.10 or later), and apply the patch for your system, available from the iptel.org Web site at http://www.iptel.org/ser/security/

For other distributions:
Contact your vendor for upgrade or patch information or refer to CERT Vulnerability Note VU#528719 at http://www.kb.cert.org/vuls/id/528719
Related URL (CVE)
Related URL 6904 (SecurityFocus)
Related URL 11379 (ISS)