Columbia SIP User Agent CU IRT


Vulnerabilities Found by PROTOS SIP Test Suite

Content

Summary
Details
Obtaining fixed software


Summary

Sipc (version 1.74) contains vulnerabilities in the processing of Session Initiation Protocol (SIP) INVITE messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for SIP and can be repeatedly exploited to produce a denial of service. In sipc (version 2.0, build 2003-02-21), these vulnerabilities have been fixed.

Details

Sipc (version 1.74) fails on several test groups of the "PROTOS" Test Suite for SIP. The test cases cause sipc to send responses to invalid addresses or to hang on mis-formatted or fragmented SIP INVITE messages. These vulnerabilities have been resolved in sipc (version 2.0, build 2003-02-21) by adding stricter address checking and more robust error handling functions.
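The kind of check described above, as an added sketch that is not sipc's code: it validates the topmost Via address of an INVITE before any response is sent, and rejects truncated or mis-formatted input immediately instead of waiting on it. The function names, the size limit and the rejected address classes are assumptions of this example.

```python
import ipaddress
import re

MAX_MESSAGE = 65535  # assumption: nothing larger than one UDP datagram is accepted
VIA_RE = re.compile(r"SIP\s*/\s*2\.0\s*/\s*[A-Za-z0-9]+\s+([^;,\s]{1,260})(?=[;,\s]|$)")
# RFC 3261 hostname: dot-separated labels, last label starts with a letter.
HOST_RE = re.compile(r"([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)*"
                     r"[A-Za-z]([A-Za-z0-9-]*[A-Za-z0-9])?\.?")

def response_target(raw: bytes) -> tuple[str, int]:
    """Return (host, port) from the topmost Via of an INVITE, or raise ValueError."""
    if len(raw) > MAX_MESSAGE:
        raise ValueError("message too large")
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:  # fragment or truncated datagram: fail now, do not wait for more
        raise ValueError("header section not terminated")
    # Strict decoding rejects invalid bytes; folded header lines are unfolded.
    lines = re.sub(r"\r\n[ \t]+", " ", head.decode("utf-8")).split("\r\n")
    if not re.fullmatch(r"INVITE \S+ SIP/2\.0", lines[0]):
        raise ValueError("bad request line")
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon and name.strip().lower() in ("via", "v"):
            return check_sent_by(value.strip())
    raise ValueError("no Via header")

def check_sent_by(via: str) -> tuple[str, int]:
    m = VIA_RE.match(via)
    if not m:
        raise ValueError("malformed Via")
    sent_by = m.group(1)
    if sent_by.startswith("["):  # IPv6 reference: [addr] or [addr]:port
        host, close, rest = sent_by[1:].partition("]")
        if not close or (rest and not rest.startswith(":")):
            raise ValueError("malformed IPv6 reference")
        has_port, port = bool(rest), rest[1:]
    else:
        host, colon, port = sent_by.partition(":")
        has_port = bool(colon)
    if has_port and not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
        raise ValueError("bad port")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        if not HOST_RE.fullmatch(host):
            raise ValueError("bad host") from None
        return host, int(port) if has_port else 5060
    # Policy assumed for this example: never answer to these address classes.
    if ip.is_unspecified or ip.is_multicast or ip.is_reserved:
        raise ValueError("address not usable as a response target")
    return str(ip), int(port) if has_port else 5060
```

A caller would drop the message, or log and discard it, on `ValueError` rather than attempt a reply to the unverified address.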

Obtaining fixed software

Please contact sjpittsman@learningspan.com for a software upgrade to sipc (version 2.0, build 2003-02-21).

Last updated by Xiaotao Wu