Session Initiation Protocol
Created 2/24/03
Impact
A remote attacker could create a denial of service or
execute arbitrary commands.
Background
The Session
Initiation Protocol (SIP) is a signaling protocol for
a variety of uses, including instant messanging and Voice
over Internet Protocol. Although it is currently implented
by only a few vendors, it is under ongoing
development and could eventually be widely deployed.
Types of SIP-enabled devices include user agent clients,
user agent servers, redirect servers, proxies, and
registrars.
SIP uses UDP port 5060 and, in more recent cases, TCP port
5060. The protocol uses plain text commands, headers, and
response codes, similar to HTTP.
The Problem
A variety of problems in some implementations of SIP could
allow a remote attacker to cause a denial of service or
execute arbitrary commands. The problems could be exploited
by sending an INVITE command containing
overflows, format strings, malformed headers, and other
types of improper input to user agent servers or proxies.
Resolution
Disable SIP if it is not in use. If it is in use, check
CERT Advisory 2003-06
to find out if a patch is available from your vendor. It
is also a good idea to block ports 5060/udp, 5060/tcp, and
5061/tcp at the network perimeter.
Where can I read more about this?
For more information, see
CERT Advisory 2003-06 and the paper on
PROTOS Test Suite c07-sip.