
Multiple Vendor Session Initiation Protocol (SIP) Vulnerabilities


Published: 2003-03-02
Updated: 2003-03-02
Severity:
Threat level: local denial of service
Error type: boundary check error
Exploitation method: server mode

BUGTRAQ ID: 6904

Affected systems
Cisco IOS 12.2 XW
Cisco IOS 12.2 XT
Cisco IOS 12.2 XS
Cisco IOS 12.2 XR
Cisco IOS 12.2 XQ
Cisco IOS 12.2 XN
Cisco IOS 12.2 XM
Cisco IOS 12.2 XL
Cisco IOS 12.2 XK
Cisco IOS 12.2 XJ
Cisco IOS 12.2 XI
Cisco IOS 12.2 XH
Cisco IOS 12.2 XG
Cisco IOS 12.2 XF
Cisco IOS 12.2 XE
Cisco IOS 12.2 XD
Cisco IOS 12.2 XC
Cisco IOS 12.2 XB
Cisco IOS 12.2 XA
Cisco IOS 12.2 T
Cisco IOS 12.2 (2)XU2
Cisco IOS 12.2 (2)XU
Cisco IOS 12.2 (2)XT3
Cisco IOS 12.2 (2)XT
Cisco IOS 12.2 (2)XN
Cisco IOS 12.2 (2)XK2
Cisco IOS 12.2 (2)XK
Cisco IOS 12.2 (2)XJ1
Cisco IOS 12.2 (2)XJ
Cisco IOS 12.2 (2)XI2
Cisco IOS 12.2 (2)XI1
Cisco IOS 12.2 (2)XI
Cisco IOS 12.2 (2)XH3
Cisco IOS 12.2 (2)XH2
Cisco IOS 12.2 (2)XH
Cisco IOS 12.2 (2)XG
Cisco IOS 12.2 (2)XF
Cisco IOS 12.2 (2)XB4
Cisco IOS 12.2 (2)XB3
Cisco IOS 12.2 (2)XB
Cisco IOS 12.2 (2)XA5
Cisco IOS 12.2 (2)XA1
Cisco IOS 12.2 (2)XA
Cisco IOS 12.2 (2)T4
Cisco IOS 12.2 (11)T
Cisco IOS 12.2 (1)XS1
Cisco IOS 12.2 (1)XS
Cisco IOS 12.2 (1)XQ
Cisco IOS 12.2 (1)XH
Cisco IOS 12.2 (1)XE3
Cisco IOS 12.2 (1)XE2
Cisco IOS 12.2 (1)XE
Cisco IOS 12.2 (1)XD4
Cisco IOS 12.2 (1)XD3
Cisco IOS 12.2 (1)XD1
Cisco IOS 12.2 (1)XD
Cisco IOS 12.2 (1)XA
Cisco IP Phone 7940
Cisco IP Phone 7960
Cisco PIX Firewall 5.2 (7)
Cisco PIX Firewall 5.2 (6)
Cisco PIX Firewall 5.2 (5)
Cisco PIX Firewall 5.2 (3.210)
Cisco PIX Firewall 5.2 (2)
Cisco PIX Firewall 5.2 (1)
Cisco PIX Firewall 5.3 (3)
Cisco PIX Firewall 5.3 (2)
Cisco PIX Firewall 5.3 (1.200)
Cisco PIX Firewall 5.3 (1)
Cisco PIX Firewall 5.3
   +Cisco PIX Firewall 515
   +Cisco PIX Firewall 520
Cisco PIX Firewall 6.0 (2)
Cisco PIX Firewall 6.0 (1)
Cisco PIX Firewall 6.0
   +Cisco PIX Firewall 515
   +Cisco PIX Firewall 520
Cisco PIX Firewall 6.1 (2)
Cisco PIX Firewall 6.2 (1)
IPTel SIP Express Router 0.8.8
IPTel SIP Express Router 0.8.9
Nortel Networks Succession Communication Server 2000
Nortel Networks Succession Communication Server 2000 - Compact
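Description
The Oulu University Secure Programming Group reported multiple vulnerabilities in several vendors' implementations of the Session Initiation Protocol (SIP). Depending on the specific environment, the impact of these vulnerabilities ranges from denial of service to arbitrary code execution.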

Solution
Cisco has fixed this security issue in Cisco IP Phone SIP image P0S3-04-2-00 and later, and in PIX Firewall 5.2(9), 6.0(4), 6.1(4), 6.2(2) and later. Cisco IOS 12.2(11)T3 and 12.2(13)T1 include the fix for this vulnerability.

IPTel resolved this issue in SIP Express Router 0.8.10.

Related information
Oulu University Secure Programming

PROTOS Test-Suite: c07-sip
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/