Clavister Information for VU#528719
Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities
- Vendor Information Help Date Notified: 30 Oct 2002
- Statement Date:
- Date Updated: 17 Feb 2003
No Clavister products currently incorporate support for the SIP protocol suite, and as such, are not vulnerable.
We would however like to extend our thanks to the OUSPG for their work as well as for the responsible manner in which they handle their discoveries. Their detailed reports and test suites are certainly well-received.
We would also like to reiterate the fact that SIP has yet to mature, protocol-wise as well as implementation-wise. We do not recommend that our customers set up SIP relays in parallel to our firewall products to pass SIP-based applications in or out of networks where security is a concern of note.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.