ID
VAR-E-200302-0154
TITLE
Multiple Vendor Session Initiation Protocol Vulnerabilities
Trust: 0.3
DESCRIPTION
The Oulu University Secure Programming Group has reported numerous vulnerabilities in Session Initiation Protocol (SIP) implementations. These issues may be exploited to cause a denial of services in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances.
These issues are related to handling of SIP INVITE messages.
Exploitation and the specific nature of each vulnerability may depend on the particular implementation.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios 12.2xk | scope: | - | version: | - | Trust: 0.9 |
| vendor: | cisco | model: | ios 12.2 xe | scope: | - | version: | - | Trust: 0.9 |
| vendor: | cisco | model: | ios 12.2xq | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | ios 12.2xj | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | ios 12.2 xh | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | ios 12.2 xa | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | ios 12.2 xd1 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | partysip | model: | partysip | scope: | eq | version: | 0.5.5 | Trust: 0.3 |
| vendor: | partysip | model: | partysip | scope: | eq | version: | 0.5.4 | Trust: 0.3 |
| vendor: | partysip | model: | partysip | scope: | eq | version: | 0.5.3-1 | Trust: 0.3 |
| vendor: | partysip | model: | partysip | scope: | eq | version: | 0.5.3 | Trust: 0.3 |
| vendor: | partysip | model: | partysip | scope: | eq | version: | 0.5.2-1 | Trust: 0.3 |
| vendor: | partysip | model: | partysip | scope: | eq | version: | 0.5.2 | Trust: 0.3 |
| vendor: | partysip | model: | partysip | scope: | eq | version: | 0.5.1-1 | Trust: 0.3 |
| vendor: | partysip | model: | partysip | scope: | eq | version: | 0.5.1 | Trust: 0.3 |
| vendor: | partysip | model: | partysip | scope: | eq | version: | 0.5.0 | Trust: 0.3 |
| vendor: | nortel | model: | networks succession communication server compact | scope: | eq | version: | 2000- | Trust: 0.3 |
| vendor: | nortel | model: | networks succession communication server | scope: | eq | version: | 2000 | Trust: 0.3 |
| vendor: | iptel | model: | sip express router | scope: | eq | version: | 0.8.9 | Trust: 0.3 |
| vendor: | iptel | model: | sip express router | scope: | eq | version: | 0.8.8 | Trust: 0.3 |
| vendor: | gnu | model: | osip | scope: | eq | version: | 0.9.5 | Trust: 0.3 |
| vendor: | dymanicsoft | model: | java sip user agent | scope: | eq | version: | 6.0 | Trust: 0.3 |
| vendor: | dymanicsoft | model: | java sip user agent | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | dymanicsoft | model: | c++ sip user agent | scope: | - | version: | - | Trust: 0.3 |
| vendor: | dymanicsoft | model: | appengine | scope: | - | version: | - | Trust: 0.3 |
| vendor: | columbia | model: | university sipc | scope: | eq | version: | 1.74 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2(1) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0(1) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.3(3) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.3(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.3(1.200) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.3(1) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.3 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(7) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(6) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(5) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(3.210) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(1) | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 7960 | Trust: 0.3 |
| vendor: | cisco | model: | ip phone | scope: | eq | version: | 7940 | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xw | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xt | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xs | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xr | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xn | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xm | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xl | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xi | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xh | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xg | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xf | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xe | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xd | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xc | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xb | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xa | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2t | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xu2 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xu | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xt3 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xt | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xn | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xk2 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xk | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xj1 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xj | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xi2 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xi1 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xi | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xh3 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xh2 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xg | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xf | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xb4 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xb3 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xb | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xa5 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xa1 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 t4 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 t | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xs1 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xs | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xq | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xe3 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xe2 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xd4 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xd3 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 xd | scope: | - | version: | - | Trust: 0.3 |
| vendor: | avaya | model: | converged communications server | scope: | eq | version: | 2.0 | Trust: 0.3 |
| vendor: | partysip | model: | partysip | scope: | ne | version: | 0.5.6 | Trust: 0.3 |
| vendor: | iptel | model: | sip express router | scope: | ne | version: | 0.8.10 | Trust: 0.3 |
| vendor: | gnu | model: | osip | scope: | ne | version: | 0.9.6 | Trust: 0.3 |
| vendor: | columbia | model: | university sipc | scope: | ne | version: | 2.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | ne | version: | 6.2(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | ne | version: | 6.1(4) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | ne | version: | 6.0(4) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | ne | version: | 5.2(9) | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 t1 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2 t3 | scope: | ne | version: | - | Trust: 0.3 |
EXPLOIT
Proof of concept exploits have been made available in the PROTOS Test-Suite: c07-sip, distributed by The Oulu University Secure Programming Group. See the appropriate link in vulnerability references for additional details.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Discovery is credited to the Oulu University Secure Programming Group.
Trust: 0.3
EXTERNAL IDS
| db: | CERT/CC | id: | VU#528719 | Trust: 0.3 |
| db: | BID | id: | 6904 | Trust: 0.3 |
REFERENCES
| url: | http://www.kb.cert.org/vuls/id/528719 | Trust: 0.3 |
| url: | http://www.dynamicsoft.com/support/advisory/ca-2003-06.php | Trust: 0.3 |
| url: | http://www.iptel.org/ | Trust: 0.3 |
| url: | http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/ | Trust: 0.3 |
| url: | http://www.cert.org/advisories/ca-2003-06.html | Trust: 0.3 |
| url: | http://www.fsf.org/software/osip/osip.html | Trust: 0.3 |
| url: | http://support.avaya.com/japple/css/japple?temp.groupid=128450&temp.selectedfamily=128451&temp.selectedproduct=154235&temp.selectedbucket=126655&temp.feedbackstate=askforfeedback&temp.documentid=16123 | Trust: 0.3 |
| url: | http://www.partysip.org/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 6904 |
LAST UPDATE DATE
2022-07-27T10:02:24.597000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 6904 | date: | 2003-02-21T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 6904 | date: | 2003-02-21T00:00:00 |