Information Security News mailing list archives

SIP weakness could expose VoIP gear to attacks


From: InfoSec News <isn () c4i org>
Date: Tue, 25 Feb 2003 07:01:13 -0600 (CST)

http://www.nwfusion.com/news/2003/0224sip.html

By Phil Hochmuth
Network World Fusion
02/24/03

A glitch in some vendors' Session Initiation Protocol (SIP) software 
could leave SIP-enabled devices - such as IP phones, IP PBXs and 
instant messaging clients - vulnerable to denial-of-service attacks, 
the CERT Coordination Center said last week. 

The Oulu University Secure Programming Group (OUSPG) discovered that 
when a certain SIP test suite (PROTOS c07-sip) is applied to SIP 
client devices or proxy servers, it causes "impacts ranging from 
unexpected system behavior and denial of services to remote code 
execution," according to the CERT warning. 

The vulnerability relates to the "invite" messages SIP devices send to 
each other to initiate sessions such as VoIP calls, text chat or 
video. 

SIP is an emerging VoIP protocol used to establish sessions among SIP 
"agents," such as IP phones, softphones, text chat clients, and video 
applications. Industry observers have called text-based SIP the 
successor to the H.323 protocol, used widely in IP-based telephony and 
videoconferencing equipment. Vendors with IP PBX and phone products 
that use SIP include Alcatel, Avaya, Cisco, Mitel, Nortel, Pingtel, 
Polycom, and Siemens. Microsoft Windows Messenger - a Web telephony, 
chat and video client included in Windows XP - also uses SIP. 

According to CERT and Cisco's Web site, Cisco's 7940 and 7960 models 
of IP phones running SIP images prior to version 4.2 are vulnerable, 
as well as Cisco routers running Cisco IOS 12.2T and 12.2X. PIX 
firewalls running software versions with SIP support - beginning with 
version 5.2(1) and up to, but not including, versions 6.2(2), 6.1(4), 
6.0(4) and 5.2(9) - are also affected, Cisco says. Fixes to these 
products are available from Cisco's Web site. 

Microsoft says its SIP-based software is not affected by the 
vulnerability.

Nortel says its Succession Communication Server 2000 and Succession 
Communication Server 2000 - Compact are affected by the vulnerability 
only when SIP-T has been enabled on the IP PBX products. Patches for 
these products are available at Nortel's Web site. 

Other vendors with SIP-based products have not posted comments on the 
CERT Coordination Center Web site.



-
ISN is currently hosted by Attrition.org
