Clavister Information for VU#528719
Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities
- Vendor Information Help Date Notified: 30 Oct 2002
- Statement Date:
- Date Updated: 17 Feb 2003
Status
Not Affected
Vendor Statement
No Clavister products currently incorporate support for the SIP protocol suite, and as such, are not vulnerable.
We would however like to extend our thanks to the OUSPG for their work as well as for the responsible manner in which they handle their discoveries. Their detailed reports and test suites are certainly well-received.
We would also like to reiterate the fact that SIP has yet to mature, protocol-wise as well as implementation-wise. We do not recommend that our customers set up SIP relays in parallel to our firewall products to pass SIP-based applications in or out of networks where security is a concern of note.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Vendor References
None
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.