TMCnews

SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community


TMCnews Featured Article


July 17, 2008

Mu Dynamics Discovers Remote Denial Of Service Vulnerability In Widely Used VoIP ReSIProcate Product

By Tim Gray, TMCnet Web Editor


Mu Dynamics, a pioneer in helping network operators and their vendors eliminate downtime through proactive service assurance, has discovered and helped remediate a new programming flaw in ReSIProcate.
 
The remotely exploitable Denial of Service vulnerability is discovered in the ReSIProcate components, particularly the SIP stack, and is currently used in several VoIP commercial and open-source products.  

The project exists to maintain a complete, correct, and commercially usable implementation of SIP and a few related protocols. While any product using the ReSIProcate SIP stack 1.3.2 may also be vulnerable, it primarily affects repro SIP proxy/registrar 1.3.2, according to Mu Dynamics.
 
The ReSIProcate is a SIP stack, and the  SIP is a protocol used for session establishment that is widely used to support voice-over-IP telephony.  “repro” is a SIP proxy/registrar that uses the ReSIProcate SIP stack.  http://www.resiprocate.org/
 
The vulnerabilits is a malformed INVITE or OPTIONS message to the “repro” SIP proxy/ registrar can crash the process.  The crash is caused by an assertion failure that occurs when the domain name in the request line URI is too long, according to Mu engineers.
 
A vendor response /solution is available from https://www.resiprocate.org/files/pub/reSIProcate/releases/
 
This bug was also fixed by the ReSIProcate development team in SVN on April 23, 2008.
 
Mu Dynamics proactively eliminates the high cost of service, application and network downtime. Mu's solution automates a systematic and repeatable process that identifies hard-to-detect sources of potential downtime within IP services, applications, and underlying networks.
 
The Mu solution is deployed at more than 100 locations, primarily at leading global service providers, cable operators and network product vendors, according to the Sunnyvale, Calif.-based company.
 
Tim Gray is a Web Editor for TMCnet, covering news in the IP communications, call center and customer relationship management industries. To see more of his articles, please visit Tim Gray’s columnist page.

Don't forget to check out TMCnet’s
White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users.



blog comments powered by Disqus

Technology Marketing Corporation

800 Connecticut Ave, 1st Floor East, Norwalk, CT 06854 USA
Ph: 800-243-6002, 203-852-6800
Fx: 203-866-3326

General comments: tmc@tmcnet.com.
Comments about this site: webmaster@tmcnet.com.

STAY CURRENT YOUR WAY

© 2014 Technology Marketing Corporation. All rights reserved | Privacy Policy