Intrusion Prevention



This indicates an attempt to exploit one of several vulnerabilities in various implementations of the Session Initiation Protocol (SIP).
The vulnerabilities are a result of deficiencies in the handling of INVITE messages in several vendors' implementations. A remote authenticated attacker can cause a denial of service and possibly execute arbitrary code via crafted INVITE messages.

Affected Products

Avaya Converged Communication Server Any version
Cisco IOS 12.2T
Cisco IOS 12.2X
Cisco IP Phone 7940
Cisco IP Phone 7960
Cisco PIX Firewall 5.2(1) and later
Columbia University Sipc 1.74
Dynamicsoft Java SIP User Agent 6.0
Dynamicsoft Java SIP User Agent 5.0
Dynamicsoft C++ SIP User Agent
Dynamicsoft AppEngine
GNU osip 0.9.5
IPTel SIP Express Router (ser) 0.8.9 and prior
Nortel Succession Communication Server 2000
Nortel Succession Communication Server 2000 - Compact
partysip partysip 0.5.5 and prior


System compromise: remote code execution.

Recommended Actions

Apply the patch or update the program to the latest version:
Avaya Converged Communication Server
Cisco IP Phone Model
Cisco Secure PIX Firewall
Cisco IOS 12.2T and 12.2X releases
GNU oSIP 0.9.6
IPTel SIP Express Router

CVE References