SIP

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20110928-sip

Revision 1.0

For Public Release 2011 September 28 1600 UTC (GMT)


Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20100922-sip

http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml

Revision 1.0


Cisco Security Advisory: Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities

Cisco Security Advisory: Multiple Cisco IOS Session Initiation
Protocol Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20080924-sip

http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml

Revision 1.0


Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20100324-sip

Revision 1.0

For Public Release 2010 March 24 1600 UTC (GMT)


Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerability

Advisory ID: cisco-sa-20090923-sip

Revision 1.0

For Public Release 2009 September 23


Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

The Cisco ACE Application Control Engine Module and Cisco ACE 4710
Application Control Engine contain the following DoS vulnerabilities:

  * Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability
  * HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS
    vulnerability
  * Secure Socket Layer (SSL) DoS vulnerability
  * SIP inspection DoS vulnerability

Cisco has released free software updates for affected customers.

Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability

Summary
=======

Cisco IOS® devices that are configured with Cisco IOS Zone-Based
Policy Firewall Session Initiation Protocol (SIP) inspection are
vulnerable to denial of service (DoS) attacks when processing a
specific SIP transit packet. Exploitation of the vulnerability could
result in a reload of the affected device.

Cisco has released free software updates that address this

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

multiple vulnerabilities as follows:

  * Three SunRPC Inspection Denial of Service Vulnerabilities
  * Three Transport Layer Security (TLS) Denial of Service
    Vulnerabilities
  * Session Initiation Protocol (SIP) Inspection Denial of Service
    Vulnerability
  * Crafted Internet Key Exchange (IKE) Message Denial of Service
    Vulnerability

These vulnerabilities are not interdependent; a release that is

Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in
                         Cisco PIX and Cisco ASA

Advisory ID: cisco-sa-20080903-asa

Revision 1.0


Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities

Summary
=======

Cisco Unified Communications Manager, formerly Cisco Unified
CallManager, contains two denial of service (DoS) vulnerabilities in
the Session Initiation Protocol (SIP) service. An exploit of these
vulnerabilities may cause an interruption in voice services.

Cisco will release free software updates that address these
vulnerabilities and this advisory will be updated as fixed software
becomes available. There are no workarounds for these

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:

  * TCP Connection Exhaustion Denial of Service Vulnerability
  * Session Initiation Protocol (SIP) Inspection Denial of Service
    Vulnerabilities
  * Skinny Client Control Protocol (SCCP) Inspection Denial of
    Service Vulnerability
  * WebVPN Datagram Transport Layer Security (DTLS) Denial of Service
    Vulnerability

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Summary
=======

Cisco Unified Communications Manager (formerly CallManager) contains
multiple denial of service (DoS) vulnerabilities that if exploited
could cause an interruption to voice services. The Session Initiation
Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are
affected by these vulnerabilities.

Cisco has released free software updates for select Cisco Unified
Communications Manager versions that address these vulnerabilities.
There are no workarounds for these vulnerabilities.

Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities

Cisco devices that are running Cisco IOS Software are vulnerable when
they are configured for NAT and contain support for one or more of
the following features:

  * NetMeeting Directory NAT (LDAP on TCP port 389)
  * NAT for Session Initiation Protocol (SIP)
  * NAT for H.323

The preferred method to verify whether NAT is enabled on a Cisco IOS
device is to log in to the device and issue the "show ip nat
statistics" command. If NAT is active the sections Outside interfaces

Cisco Security Advisory: Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities

  * 7961G
  * 7970G
  * 7971G

The following Cisco Unified IP Phone devices running Session
Initiation Protocol (SIP) firmware:

  * 7940
  * 7940G
  * 7960
  * 7960G

Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

Summary
=======

Cisco Unified Communications Manager, which was formerly Cisco
Unified CallManager, contains a denial of service (DoS) vulnerability
in the Session Initiation Protocol (SIP) service. An exploit of this
vulnerability may cause an interruption in voice services.

Cisco has released free software updates that address this
vulnerability. There are no workarounds for this vulnerability.


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager

Cisco Unified Communications Manager (previously known as Cisco
CallManager) contains the following vulnerabilities:

  * Three (3) denial of service (DoS) vulnerabilities that affect
    Session Initiation Protocol (SIP) services
  * Directory traversal vulnerability
  * Two (2) SQL injection vulnerabilities

Cisco has released free software updates for affected Cisco Unified
Communications Manager versions to address the vulnerabilities. A

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Summary
=======

Cisco Unified Communications Manager contains two denial of service
(DoS) vulnerabilities that affect the processing of Session
Initiation Protocol (SIP) messages. Exploitation of these
vulnerabilities could cause an interruption of voice services.

Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for these vulnerabilities.


Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerabilities

Summary
=======

Cisco Unified Communications Manager contains a memory leak
vulnerability that could be triggered through the processing of
malformed Session Initiation Protocol (SIP) messages. Exploitation of
this vulnerability could cause an interruption of voice services.
Cisco has released free software updates for supported Cisco Unified
Communications Manager versions to address the vulnerability. A
workaround exists for this SIP vulnerability.


Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Cisco Unified Communications Manager contains five (5) denial of
service (DoS) vulnerabilities.

Cisco has released free software updates for affected versions of
Cisco Unified Communications Manager to address the vulnerabilities.
A workaround exists for the SIP and Packet Capture Service DoS
vulnerabilities.

This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml


Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities

Cisco Unified Communications Manager Session Initiation Protocol
Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20100922-cucmsip

http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucmsip.shtml

Revision 1.0


Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

vulnerabilities were discovered internally by Cisco. The following
Cisco Unified Communications Manager services are affected:

  * Certificate Trust List (CTL) Provider
  * Certificate Authority Proxy Function (CAPF)
  * Session Initiation Protocol (SIP)
  * Simple Network Management Protocol (SNMP) Trap

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.

Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities

Summary
=======

The Cisco IOS Software Network Address Translation functionality
contains three denial of service (DoS) vulnerabilities. The first
vulnerability is in the translation of Session Initiation Protocol
(SIP) packets, the second vulnerability in the translation of H.323
packets and the third vulnerability is in the translation of H.225.0
call signaling for H.323 packets.

Cisco has released free software updates that address these
vulnerabilities.

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

vulnerabilities were discovered internally by Cisco. The following
Cisco Unified Communications Manager services are affected:

  * Certificate Trust List (CTL) Provider
  * Certificate Authority Proxy Function (CAPF)
  * Session Initiation Protocol (SIP)
  * Simple Network Management Protocol (SNMP) Trap

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.

Cisco Security Advisory: Multiple vulnerabilities in Cisco PGW Softswitch

Summary
=======

Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch
series of products. Each vulnerability described in this advisory is
independent from the others. The vulnerabilities are related to processing
Session Initiation Protocol (SIP) or Media Gateway Control Protocol
(MGCP) messages.

Successful exploitation of all but one of these vulnerabilities can
crash the affected device. Exploitation of the remaining
vulnerability will not crash the affected device, but it can lead to

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Summary
=======

Cisco Unified Communications Manager (formerly Cisco CallManager)
contains multiple denial of service (DoS) vulnerabilities that if
exploited could cause an interruption of voice services. The Session
Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and
Computer Telephony Integration (CTI) Manager services are affected by
these vulnerabilities.

To address these vulnerabilities, Cisco has released free software
updates for select Cisco Unified Communications Manager versions.

Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities

Summary
=======

Cisco Unified Presence contains two denial of service (DoS)
vulnerabilities that affect the processing of Session Initiation
Protocol (SIP) messages. Exploitation of these vulnerabilities could
cause an interruption of presence services.

Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for these vulnerabilities.


AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

               Asterisk Project Security Advisory - AST-2007-020

   +------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | Resource Exhaustion vulnerability in SIP channel  |
   |                    | driver                                            |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Denial of Service                                 |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |

WengoPhone SIP phone Remote Denial of Service vulnerability

Title
=====
WengoPhone SIP phone Remote Denial of Service vulnerability

Date
====
10 August 2007

Affected Software
=================

AST-2009-003: SIP responses expose valid usernames

               Asterisk Project Security Advisory - AST-2009-003

   +------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | SIP responses expose valid usernames              |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Information leak                                  |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|

CounterPath X-Lite SIP phone Remote Denial of Service vulnerability

Title
=====
CounterPath X-Lite SIP phone Remote Denial of Service vulnerability

Date
====
10 August 2007

Affected Software
=================

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.