CERT-In Vulnerability Note CIVN-2008-153
Cisco IOS Software Session Initiation Protocol (SIP) Message Memory Leak Denial of Service Vulnerability

Original Issue Date: October 08, 2008

Severity Rating: High

Systems Affected

  • All the devices configured with Cisco IOS SIP voice services

Overview

Cisco IOS products contain a message memory leak vulnerability that may cause a denial of service (DoS) condition.

Description

SIP is a popular signaling protocol used to manage voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol is flexible enough to accommodate other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or TLS (TCP port 5061) as the underlying transport protocol.

Multiple denial of service vulnerabilities exist in the SIP implementation in Cisco IOS. In all cases, the vulnerabilities can be triggered by processing valid SIP messages. These vulnerabilities may cause memory leakage in affected devices. The memory leak is caused by the processing of a specific type of valid SIP message. Repeated exploitation by an unauthenticated remote user may cause a DoS condition for the voice services. Further, excessive memory consumption by the VoIP services may cause slow processing or a reload of the device.

Workarounds

  • Disable the SIP service when it is not required.
  • Disable SIP Listening Ports.
  • For devices that need to offer SIP services it is possible to use Control Plane Policing (CoPP) to block SIP traffic to the device from untrusted sources.
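
The following audit script is an added example, not part of the CERT-In note or the Cisco advisory. It checks a saved running-config for two of the workarounds above: SIP listening transports disabled under `sip-ua`, and a CoPP input policy that drops SIP on ports 5060/5061 from untrusted sources. The embedded config is constructed; its addresses, ACL number and class/policy names are assumptions.

```python
import re

# Constructed running-config excerpt; addresses, ACL number and the
# class/policy names are illustrative assumptions, not from the advisory.
SAMPLE = """\
sip-ua
 no transport udp
 no transport tcp
!
access-list 100 deny udp 192.0.2.0 0.0.0.255 any eq 5060
access-list 100 deny tcp 192.0.2.0 0.0.0.255 any eq 5060
access-list 100 deny tcp 192.0.2.0 0.0.0.255 any eq 5061
access-list 100 permit udp any any eq 5060
access-list 100 permit tcp any any eq 5060
access-list 100 permit tcp any any eq 5061
class-map match-all drop-sip-class
 match access-group 100
policy-map drop-sip-traffic
 class drop-sip-class
  drop
control-plane
 service-policy input drop-sip-traffic
"""
SIP_PORTS = {("udp", "5060"), ("tcp", "5060"), ("tcp", "5061")}
OFF = {"no transport udp", "no transport tcp", "no transport tcp tls"}

def blocks(config):
    """Map each top-level line to the list of its indented child lines."""
    out, top = {}, None
    for line in config.splitlines():
        if line[:1].strip():              # non-indented: starts a new block
            top = line.strip()
            out.setdefault(top, [])
        elif top and line.strip():
            out[top].append(line.strip())
    return out

def listeners_left_on(config):
    """SIP transports that are not explicitly disabled under sip-ua."""
    return sorted(t[3:] for t in OFF - set(blocks(config).get("sip-ua", [])))

def copp_drops_sip(config):
    """True if the control-plane input policy drops SIP from 'any' on all SIP ports."""
    b = blocks(config)
    pol = re.search(r"service-policy input (\S+)", " ".join(b.get("control-plane", [])))
    kids = b.get("policy-map " + pol.group(1), []) if pol else []
    dropped = [c.split()[1] for c, nxt in zip(kids, kids[1:])
               if c.startswith("class ") and nxt == "drop"]
    acls = {k.split()[-1] for name, ks in b.items()
            if name.startswith("class-map") and name.split()[-1] in dropped
            for k in ks if k.startswith("match access-group")}
    hits = {(m[1], m[2]) for m in re.findall(
        r"^access-list (\d+) permit (udp|tcp) any any eq (\d+)$", config, re.M)
        if m[0] in acls}
    return SIP_PORTS <= hits
```

In the CoPP ACL, `permit` entries select traffic to be dropped and `deny` entries exempt trusted sources, so the check only looks for `permit ... any any` lines covering all three SIP transports.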

Solution

Apply the appropriate fixed versions as mentioned in the Cisco Security Advisory.
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml

Vendor Information

CISCO
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml

References

CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=16651

SecurityTracker
http://www.securitytracker.com/alerts/2008/Sep/1020939.html

CVE Name
CVE-2008-3799

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003