Intrusion Prevention

VoIP.SIP.INVITE.Message.PROTOS.Test.Suite

Description

This indicates an attempt to exploit one of several vulnerabilities in various implementations of the Session Initiation Protocol (SIP).
The vulnerabilities are a result of deficiencies in the handling of INVITE messages in several vendors' implementations. A remote authenticated attacker can cause a denial of service and possibly execute arbitrary code via crafted INVITE messages.

Affected Products

Avaya Converged Communication Server Any version
Cisco IOS 12.2T
Cisco IOS 12.2X
Cisco IP Phone 7940
Cisco IP Phone 7960
Cisco PIX Firewall 5.2(1) and later
Columbia University Sipc 1.74
Dymanicsoft Java SIP User Agent 6.0
Dymanicsoft Java SIP User Agent 5.0
Dymanicsoft C++ SIP User Agent
Dymanicsoft AppEngine
GNU osip 0.9.5
IPTel SIP Express Router (ser) 0.8.9 and prior
Nortel Succession Communication Server 2000
Nortel Succession Communication Server 2000 - Compact
partysip partysip 0.5.5 and prior

Impact

System compromise: remote code execution.

Recommended Actions

Apply the patch or update the program to highest version:
Avaya Converged Communication Server
http://support.avaya.com/japple/css/japple?PAGE=avaya.css.OpenPage&temp.template.name=SecurityAdvisory
Cisco IP Phone Model
Cisco Secure PIX Firewall
Cisco IOS 12.2T and 12.2X releases
http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml
GNU oSIP 0.9.6
ftp://ftp.gnu.org/gnu/osip/
IPTel SIP Express Router
http://www.iptel.org/ser/security/
partysip
http://savannah.gnu.org/download/partysip/

CVE References

CVE-2003-1109