Next Page >>
Session Initiation Protocol
multiple vulnerabilities as follows:
* Three SunRPC Inspection Denial of Service Vulnerabilities
* Three Transport Layer Security (TLS) Denial of Service
Vulnerabilities
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service
Vulnerability
These vulnerabilities are not interdependent; a release that is
All UDP protocols that are being inspected by the Cisco ASA UDP
inspection engine may be vulnerable. The following protocols are known
to use the Cisco ASA UDP inspection engine:
* Domain Name System (DNS)
* Session Initiation Protocol (SIP)
* Simple Network Management Protocol (SNMP)
* GPRS Tunneling Protocol (GTP)
* H.323, H.225 RAS
* Media Gateway Control Protocol (MGCP)
* SunRPC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20100324-sip
Revision 1.0
contains multiple denial of service (DoS) vulnerabilities in the
translation of the following protocols:
* NetMeeting Directory (Lightweight Directory Access Protocol,
LDAP)
* Session Initiation Protocol (Multiple vulnerabilities)
* H.323 protocol
All the vulnerabilities described in this document are caused by
packets in transit on the affected devices when those packets require
application layer translation.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager Session
Initiation Protocol Denial of Service Vulnerability
Advisory ID: cisco-sa-20090923-cm
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerability
Advisory ID: cisco-sa-20090923-sip
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20110928-sip
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Cisco IOS Session Initiation
Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20080924-sip
http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Unified Communications Manager Session
Initiation Protocol Memory Leak Vulnerability
Advisory ID: cisco-sa-20110928-cucm
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Session Initiation
Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20100922-sip
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Manager Session
Initiation Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20080924-cucm
http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml
Summary
=======
The Cisco IOS Software Network Address Translation functionality
contains three denial of service (DoS) vulnerabilities. The first
vulnerability is in the translation of Session Initiation Protocol
(SIP) packets, the second vulnerability in the translation of H.323
packets and the third vulnerability is in the translation of H.225.0
call signaling for H.323 packets.
Cisco has released free software updates that address these
vulnerabilities were discovered internally by Cisco. The following
Cisco Unified Communications Manager services are affected:
* Certificate Trust List (CTL) Provider
* Certificate Authority Proxy Function (CAPF)
* Session Initiation Protocol (SIP)
* Simple Network Management Protocol (SNMP) Trap
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.
=======
Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch
series of products. Each vulnerability described in this advisory is
independent from other. The vulnerabilities are related to processing
Session Initiation Protocol (SIP) or Media Gateway Control Protocol
(MGCP) messages.
Successful exploitation of all but one of these vulnerabilities can
crash the affected device. Exploitation of the remaining
vulnerability will not crash the affected device, but it can lead to
the Cisco TelePresence E/EX Personal Video units are desktop devices.
Software versions prior to TC 4.0.0 or F9.1 contain a vulnerability
that could cause a crash of the device and result in a denial of
service condition. This vulnerability is triggered by a crafted
Session Initiation Protocol (SIP) packet that is sent to an affected
device on port 5060 or 5061.
Software for the Cisco TelePresence units is available for download
at:
The second DoS vulnerability involves certain configurations of Media
Termination Points (MTP). One-way audio may be observed when an MTP
is configured with the g729ar8 codec only. In certain situations, an
interruption in service may occur and a stack trace will be generated
by the Session Initiation Protocol (SIP) process when processing the
Session Description Protocol SDP portion of a SIP call. This
vulnerability is documented in Cisco Bug ID CSCtc61990 ( registered
customers only) and has been assigned CVE identifier CVE-2011-2561.
This vulnerability applies only to Cisco Unified Communications
Manager versions 7.0(x) and later and is fixed in versions 7.1(5b)su4
Cisco Unified Communications Manager (previously known as Cisco
CallManager) contains the following vulnerabilities:
* Three (3) denial of service (DoS) vulnerabilities that affect
Session Initiation Protocol (SIP) services
* Directory transversal vulnerability
* Two (2) SQL injection vulnerabilities
Cisco has released free software updates for affected Cisco Unified
Communications Manager versions to address the vulnerabilities. A
vulnerabilities were discovered internally by Cisco. The following
Cisco Unified Communications Manager services are affected:
* Certificate Trust List (CTL) Provider
* Certificate Authority Proxy Function (CAPF)
* Session Initiation Protocol (SIP)
* Simple Network Management Protocol (SNMP) Trap
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco TelePresence Video Communication Server
Session Initiation Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20120229-vcs
Revision 1.0
_______________________________________________________________________
Problem Description:
A flaw in opal, the Open Phone Abstraction Library, was found in
how it handles certain Session Initiation Protocol (SIP) packets.
An attacker could use this vulnerability to crash an application
linked to opal, such as Ekiga.
Updated packages have been patched to prevent these issues.
_______________________________________________________________________
TLS Proxy for Encrypted Voice Inspection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This feature allows the security appliance to decrypt, inspect and
modify (as needed, for example, performing NAT fixup), and re-encrypt
voice signaling traffic while all of the existing VoIP inspection
functions for Skinny and Session Initiation Protocol (SIP) protocols are
preserved. Once voice signaling is decrypted, the plain-text signaling
message is passed to the existing inspection engines. The security
appliance accomplishes this by acting as a TLS proxy between the IP
phone and Cisco Unified CallManager, which implies that TLS sessions are
terminating on the security appliance.
The Cisco ACE Application Control Engine Module and Cisco ACE 4710
Application Control Engine contain the following DoS vulnerabilities:
* Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability
* HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS
vulnerability
* Secure Socket Layer (SSL) DoS vulnerability
* SIP inspection DoS vulnerability
Cisco has released free software updates for affected customers.
The TLS proxy for encrypted voice inspection feature allows the
security appliance to decrypt, inspect and modify (as needed, for
example, performing NAT fixup), and re-encrypt voice signaling
traffic while all of the existing VoIP inspection functions for SCCP
and Session Initiation Protocol (SIP) protocols are preserved. Once
voice signaling is decrypted, the plain-text signaling message is
passed to the existing inspection engines. The security appliance
accomplishes this by acting as a TLS proxy between the IP phone and
Cisco Unified CallManager and Cisco Unified Communications Manager,
which implies that TLS sessions are terminating on the security
Resource Reservation Protocol (RSVP) - port 1698
Layer Two Forwarding (L2F)/Layer Two Tunnel Protocol (L2TP) -
port 1701
IP SLA Responder - port 1967
Media Gateway Control Protocol (MGCP) - port 2427
Session Initiation Protocol (SIP) - port 5060
No other IPv4 UDP-based services are known to be affected.
How To Verify If IPv6 Is Enabled
+-------------------------------
************
The OmniPCX Enterprise is an integrated communications solution for
medium-sized businesses and large corporations. It combines the best of
the old (legacy TDM phone connectivity) with the new (a native IP
platform and support for Session Initiation Protocol, or SIP) to provide
an effective and complete communications solution for cost-conscious
companies on the cutting edge.
(from the vendor's homepage)
************
The OmniPCX Enterprise is an integrated communications solution for
medium-sized businesses and large corporations. It combines the best of
the old (legacy TDM phone connectivity) with the new (a native IP
platform and support for Session Initiation Protocol, or SIP) to provide
an effective and complete communications solution for cost-conscious
companies on the cutting edge.
(from the vendor's homepage)
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:
* TCP Connection Exhaustion Denial of Service Vulnerability
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerabilities
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service
Vulnerability
============
"The OmniPCX Enterprise is an integrated communications solution for
medium-sized businesses and large corporations. It combines the best of
the old (legacy TDM phone connectivity) with the new (a native IP
platform and support for Session Initiation Protocol, or SIP) to provide
an effective and complete communications solution for cost-conscious
companies on the cutting edge."
(from the vendor's homepage)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Unified Communications Manager Session Initiation Protocol
Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20100922-cucmsip
http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucmsip.shtml
************
The OmniPCX Enterprise is an integrated communications solution for
medium-sized businesses and large corporations. It combines the best of
the old (legacy TDM phone connectivity) with the new (a native IP
platform and support for Session Initiation Protocol, or SIP) to provide
an effective and complete communications solution for cost-conscious
companies on the cutting edge.
(from the vendor's homepage)
Next Page>>
|
