| VID |
29077 |
| Severity |
30 |
| Port |
5060 |
| Protocol |
UDP |
| Class |
Protocol |
| Detailed Description |
According to its version number, the SIP Express Router has a denial-of-service vulnerability triggered by overly long Contact lists in REGISTER requests. The Session Initiation Protocol (SIP) is a developing and newly deployed protocol that is commonly used in Voice over IP (VoIP), Internet telephony, instant messaging, and various other applications. SIP is a text-based protocol for initiating communication and data sessions between users. SIP Express Router (ser) is a high-performance, configurable, free SIP server. SIP Express Router versions prior to 0.8.11 are vulnerable to a denial-of-service attack that allows an attacker to crash the affected server by sending an overly long Contact list in a REGISTER request.
* Note: This check relies solely on the version number of the remote SIP Express Router to assess this vulnerability, so this might be a false positive.
* References: http://www.iptel.org/ser/security/
* Platforms Affected: IPTel IPTel SIP Express Router (ser) 0.8.10 and prior |
| Recommendation |
As a workaround, ingress filtering of the following ports can prevent attackers outside of your network from accessing vulnerable devices in the local network that are not explicitly authorized to provide public SIP services:
sip 5060/udp # Session Initiation Protocol (SIP)
sip 5060/tcp # Session Initiation Protocol (SIP)
sip 5061/tcp # Session Initiation Protocol (SIP) over TLS
Upgrade to the latest version of SIP Express Router (0.8.11 or later), available from the IPTel Web site at http://www.iptel.org
-- OR --
Apply the patch for version 0.8.10, available from the IPTel Web site at http://www.iptel.org/ser/security/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
14142 (ISS) |
|