Clavister Information for VU#528719

Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities

Status

Not Affected

Vendor Statement

No Clavister products currently incorporate support for the SIP protocol suite, and as such, are not vulnerable.

We would however like to extend our thanks to the OUSPG for their work as well as for the responsible manner in which they handle their discoveries. Their detailed reports and test suites are certainly well-received.

We would also like to reiterate the fact that SIP has yet to mature, protocol-wise as well as implementation-wise. We do not recommend that our customers set up SIP relays in parallel to our firewall products to pass SIP-based applications in or out of networks where security is a concern of note.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.