Vulnerabilities Found by PROTOS SIP Test Suite
Obtaining fixed software
Sipc (version 1.74) contains vulnerabilities in the processing of
Session Initiation Protocol (SIP) INVITE messages. These vulnerabilities
were identified by the University of Oulu Secure Programming Group
(OUSPG) "PROTOS" Test Suite for SIP and can be repeatedly exploited
to produce a denial of service. In sipc (version 2.0, build 2003-02-21),
these vulnerabilities have been fixed.
Sipc (version 1.74) fails on several test-groups of "PROTOS" Test Suite for SIP .
The test cases cause sipc sending responses to invalid addresses or
hanging on mis-formatted or fragmented SIP INVITE messages.
These vulnerabilities have been resolved in
sipc (verson 2.0, build 2003-02-21) with adding stricter
address checking and more robust error handling functions.
email@example.com for software upgrade for sipc
(version 2.0, build 2003-02-21).