Mu Dynamics, a pioneer in helping network operators and their vendors eliminate downtime through proactive service assurance, has discovered and helped remediate a new programming flaw in ReSIProcate.
The remotely exploitable Denial of Service vulnerability is discovered in the ReSIProcate components, particularly the SIP stack, and is currently used in several VoIP commercial and open-source products.
The project exists to maintain a complete, correct, and commercially usable implementation of SIP and a few related protocols. While any product using the ReSIProcate SIP stack 1.3.2 may also be vulnerable, it primarily affects repro SIP proxy/registrar 1.3.2, according to Mu Dynamics.
The ReSIProcate is a SIP stack, and the SIP is a protocol used for session establishment that is widely used to support voice-over-IP telephony. “repro” is a SIP proxy/registrar that uses the ReSIProcate SIP stack. http://www.resiprocate.org/
The vulnerabilits is a malformed INVITE or OPTIONS message to the “repro” SIP proxy/ registrar can crash the process. The crash is caused by an assertion failure that occurs when the domain name in the request line URI is too long, according to Mu engineers.
This bug was also fixed by the ReSIProcate development team in SVN on April 23, 2008.
Mu Dynamics proactively eliminates the high cost of service, application and network downtime. Mu's solution automates a systematic and repeatable process that identifies hard-to-detect sources of potential downtime within IP services, applications, and underlying networks.
The Mu solution is deployed at more than 100 locations, primarily at leading global service providers, cable operators and network product vendors, according to the Sunnyvale, Calif.-based company.
Tim Gray is a Web Editor for TMCnet, covering news in the IP communications, call center and customer relationship management industries. To see more of his articles, please visit Tim Gray’s columnist page.
Don't forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users.