|
Cisco Session Initiation Protocol DoS
|
|
|
|
|
Secunia Advisory:
|
SA8113
|
|
|
Release Date:
|
2003-02-22
|
|
Last Update:
|
2005-09-27
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Cisco IOS 12.x
Cisco IOS R12.x
Cisco PIX 5.x
Cisco PIX 6.x
|
| | Software: | Cisco IP Phone 7940
Cisco IP Phones 7960
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Cisco has confirmed vulnerabilities in their SIP (Session Initiation Protocol) implementation in multiple products. These can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable device.
The vulnerabilities have been identified in the INVITE message used by two SIP-endpoints during the initial call setup. Cisco has reported the existance of the following vulnerabilities in affected products:
Cisco IP Phone models 7940 and 7960:
The vulnerabilities are caused by boundary errors and exceptional condition errors when handling malformed headers. According to Cisco these vulnerabilities may be exploited by a malicious person to cause a DoS (Denial of Service).
Cisco IOS versions in the 12.2T train or any 12.2 'X' train:
The vulnerabilities are caused by improper handling of SIP fields and can be exploited to force a vulnerable device to reset. The device must either be configured as a SIP gateway or perform NAT (Network Address Translation) while SIP is using the UDP transport protocol.
Cisco PIX:
The vulnerability is caused to improper handling of fragmented SIP INVITE messages, which can be exploited to force the firewall to reset.
Solution:
Cisco has released fixed versions of the software in vulnerable products. Customers are advised to obtain the fixed software through their usual channels.
Cisco IP Phone models 7940 and 7960:
The vulnerabilities have been fixed in Cisco IP Phone SIP Images P0S3-04-2-00 and later.
Cisco IOS 12.2T:
The vulnerabilities have been fixed in Ciso IOS versions 12.2(11)T3 and 12.2(13)T1.
Cisco Secure PIX Firewall
This vulnerability has been fixed in Cisco Secure PIX Software versions 5.2(9), 6.0(4), 6.1(4), 6.2(2) and later.
As a temporary workaround the SIP service can be disabled. If this is not a viable solution, outbound traffic as well as inbound traffic to broadcast addresses and the following ports should be filtered on the devices, firewalls and border routers:
5060/udp # Session Initiation Protocol (SIP)
5060/tcp # Session Initiation Protocol (SIP)
5061/tcp # Session Initiation Protocol (SIP) over TLS
Provided and/or discovered by:
Oulu University Secure Programming Group
Changelog:
2005-09-27: Added link to US-CERT vulnerability note.
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml
Other References:
http://www.cert.org/advisories/CA-2003-06.html
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
US-CERT VU#528719
http://www.kb.cert.org/vuls/id/528719
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
75 Related Secunia Security Advisories, displaying 10
|
|
|
1. Cisco Products DNS Cache Poisoning Vulnerability
|
|
2. Cisco Products SNMPv3 Two Vulnerabilities
|
|
3. Cisco IOS SSH Server Denial of Service
|
|
4. Cisco IOS Denial of Service Vulnerability
|
|
5. Cisco IOS Multiple Vulnerabilities
|
|
6. Cisco Unified IP Phone Multiple Vulnerabilities
|
|
7. Cisco IP Phone 7940 SIP INVITE Denial of Service Vulnerability
|
|
8. Cisco Products EAP Denial of Service Vulnerability
|
|
9. Cisco IOS Line Printer Daemon Buffer Overflow Vulnerability
|
|
10. Cisco IOS Regular Expressions Denial of Service
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
