Vulnerability Note VU#528719
Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities
Overview
Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet Protocol (VoIP), instant messaging, telephony, and various other applications and devices.
I. Description
The Oulu University Secure Programming Group (OUSPG) has discovered a variety of vulnerabilities in multiple implementations of the Session Initiation Protocol (SIP). OUSPG has previously conducted research into vulnerabilities in various protocol implementations, including LDAP, culminating in CERT Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03. OUSPG has again asked us to coordinate with them in letting affected vendors know of their findings.
The Session Initiation Protocol (SIP) is a signaling protocol for various instant messaging, Voice Over Internet Protocol (VoIP), and other telephony applications. OUSPG has focused on a subset of SIP as the subject protocol for vulnerability assessment. Information about SIP can be found on the IETF Charter page for SIP. OUSPG has released the results of their investigations to the public. More details may be found in CERT Advisory CA-2003-06.
II. Impact
Impacts range from unexpected system behavior and denial of service to execution of arbitrary code.
III. Solution
Upgrade or apply the patches as specified by your vendor.
Access to vulnerable applications supporting the Session Initiation Protocol (SIP) may be blocked at the network perimeter on ports 5060/tcp and 5060/udp.
Systems Affected
| Vendor | Status | Date Updated |
| 3Com | Unknown | 17-Feb-2003 |
| Alcatel | Vulnerable | 6-Mar-2003 |
| AOL Time Warner | Not Vulnerable | 25-Mar-2003 |
| Apple Computer, Inc. | Not Vulnerable | 17-Feb-2003 |
| AT&T | Unknown | 17-Feb-2003 |
| Avaya | Not Vulnerable | 25-Feb-2003 |
| Avici Systems Inc. | Unknown | 20-Feb-2003 |
| Berkeley Software Design, Inc. | Unknown | 17-Feb-2003 |
| Borderware | Not Vulnerable | 17-Feb-2003 |
| Cable and Wireless | Unknown | 20-Feb-2003 |
| Check Point | Not Vulnerable | 6-Mar-2003 |
| Cirpack | Vulnerable | 13-Mar-2003 |
| Cisco Systems, Inc. | Vulnerable | 21-Feb-2003 |
| Clavister | Not Vulnerable | 17-Feb-2003 |
| Columbia SIP User Agent (sipc) | Vulnerable | 25-Feb-2003 |
| Compaq Computer Corporation | Unknown | 21-Feb-2003 |
| Computer Associates | Unknown | 17-Feb-2003 |
| COVERT Labs | Unknown | 17-Feb-2003 |
| Cray Inc. | Unknown | 17-Feb-2003 |
| D-Link Systems | Unknown | 17-Feb-2003 |
| Data General | Unknown | 17-Feb-2003 |
| Debian Linux | Unknown | 17-Feb-2003 |
| DynamicSoft Inc | Vulnerable | 27-Feb-2003 |
| Engarde | Unknown | 17-Feb-2003 |
| eSoft | Not Vulnerable | 17-Feb-2003 |
| EZonics | Unknown | 17-Feb-2003 |
| F5 Networks, Inc. | Not Vulnerable | 20-Feb-2003 |
| Foundry Networks Inc. | Not Vulnerable | 25-Mar-2003 |
| FreeBSD, Inc. | Unknown | 17-Feb-2003 |
| Fujitsu | Not Vulnerable | 17-Feb-2003 |
| Global Technology Associates | Unknown | 17-Feb-2003 |
| Hewlett-Packard Company | Not Vulnerable | 20-Feb-2003 |
| Hotsip AB | Not Vulnerable | 12-Mar-2003 |
| Hughes Software Systems | Not Vulnerable | 18-Apr-2003 |
| IBM-zSeries | Unknown | 24-Feb-2003 |
| IBM Corporation | Not Vulnerable | 21-Feb-2003 |
| Indigo Software | Not Vulnerable | 1-Apr-2003 |
| Ingate Systems | Vulnerable | 7-Mar-2003 |
| Intel | Unknown | 17-Feb-2003 |
| Intoto | Not Vulnerable | 24-Mar-2003 |
| IP Filter | Not Vulnerable | 17-Feb-2003 |
| IPTel | Vulnerable | 20-Feb-2003 |
| Juniper Networks, Inc. | Not Vulnerable | 21-Feb-2003 |
| Kphone | Not Vulnerable | 17-Feb-2003 |
| Lachman | Unknown | 17-Feb-2003 |
| Lockheed Martin | Unknown | 17-Feb-2003 |
| Lotus Software | Unknown | 19-Feb-2003 |
| Lucent Technologies | Unknown | 20-Feb-2003 |
| Mandriva, Inc. | Unknown | 17-Feb-2003 |
| Mandriva, Inc. | Unknown | 17-Feb-2003 |
| Mediatrix Telecom Inc | Vulnerable | 9-May-2003 |
| MeetingHouse Data Communications | Unknown | 17-Feb-2003 |
| Microsoft Corporation | Not Vulnerable | 20-Feb-2003 |
| Mitel Networks, Inc. | Not Vulnerable | 19-Sep-2005 |
| MontaVista Software, Inc. | Unknown | 17-Feb-2003 |
| Motorola | Unknown | 17-Feb-2003 |
| MySIP | Unknown | 17-Feb-2003 |
| NEC Corporation | Not Vulnerable | 20-May-2003 |
| NETBSD | Not Vulnerable | 17-Feb-2003 |
| NETfilter.org | Not Vulnerable | 17-Feb-2003 |
| NetScreen | Not Vulnerable | 21-Feb-2003 |
| Network Appliance | Not Vulnerable | 18-Feb-2003 |
| NeXT | Unknown | 17-Feb-2003 |
| Nokia | Not Vulnerable | 20-Feb-2003 |
| Nortel Networks, Inc. | Vulnerable | 24-Jul-2003 |
| Novell, Inc. | Not Vulnerable | 20-Feb-2003 |
| OpenBSD | Unknown | 17-Feb-2003 |
| Openwall GNU/*/Linux | Unknown | 17-Feb-2003 |
| Oracle Corporation | Unknown | 17-Feb-2003 |
| Pingtel | Vulnerable | 24-Mar-2003 |
| Process Software | Unknown | 17-Feb-2003 |
| Red Hat, Inc. | Not Vulnerable | 19-Feb-2003 |
| Secure Computing Corporation | Not Vulnerable | 17-Feb-2003 |
| SecureWorx | Not Vulnerable | 17-Feb-2003 |
| Sequent Computer Systems, Inc. | Unknown | 17-Feb-2003 |
| SGI | Unknown | 17-Feb-2003 |
| Shoreline Communication | Not Vulnerable | 17-Feb-2003 |
| Siemens | Unknown | 17-Feb-2003 |
| Sony Corporation | Unknown | 17-Feb-2003 |
| Stonesoft | Not Vulnerable | 17-Feb-2003 |
| Sun Microsystems, Inc. | Unknown | 17-Feb-2003 |
| SUSE Linux | Unknown | 17-Feb-2003 |
| Symantec Corporation | Not Vulnerable | 1-Apr-2003 |
| The SCO Group (SCO Linux) | Unknown | 17-Feb-2003 |
| The SCO Group (SCO Unix) | Unknown | 18-Feb-2003 |
| Unisys | Unknown | 26-Mar-2003 |
| University of Columbia | Unknown | 17-Feb-2003 |
| Vegastream | Unknown | 17-Feb-2003 |
| WatchGuard | Not Vulnerable | 17-Feb-2003 |
| Wind River Systems, Inc. | Unknown | 17-Feb-2003 |
| Wirex | Unknown | 17-Feb-2003 |
| Xerox Corporation | Unknown | 17-Feb-2003 |
| Yahoo | Unknown | 17-Feb-2003 |
| ZYXEL | Unknown | 17-Feb-2003 |
References
http://www.ee.oulu.fi/research/ouspg/protos/
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
http://www.mediateam.oulu.fi/projects/redskins/?lang=en
http://www.ietf.org/html.charters/sip-charter.html
http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-07.txt
http://www.ietf.org/rfc/rfc3665.txt
http://www.ietf.org/rfc/rfc3261.txt
http://www.ietf.org/rfc/rfc2327.txt
http://www.ietf.org/rfc/rfc2279.txt
Credit
The CERT Coordination Center thanks the Oulu University Secure Programming Group for reporting these vulnerabilities, for providing detailed technical analyses, and for assisting us in preparing this advisory. We would also like to acknowledge the "RedSkins" project of "MediaTeam Oulu" for their support of this research.
This document was originally written by Jason A Rafail. Revisions were made by Jeffrey S. Havrilla.
Other Information
| Date Public | 02/21/2003 |
| Date First Published | 02/21/2003 10:13:19 AM |
| Date Last Updated | 05/21/2007 |
| CERT Advisory | CA-2003-06 |
| CVE Name | CVE-2003-1108 |
| US-CERT Technical Alerts | |
| Metric | 17.72 |
| Document Revision | 36 |
If you have feedback, comments, or additional information about this vulnerability, please send us email.