| Short Name | VOIP:SIP:OVERFLOW:QPOP-OF |
|---|---|
| Severity | High |
| Recommended | No |
| Recommended Action | Drop |
| Category | VOIP |
| Keywords | codenomicon sip header |
| Release Date | 2006/06/29 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects a maliciously crafted Session Initiation Protocol (SIP) request containing a malformed WWW-Authenticate header parameter. An overly large "qop" parameter can be crafted to exploit a buffer overflow condition in a device that handles SIP.
Successful exploitation would allow for arbitrary code injection and execution with the privileges of the currently logged-in user. Code injection that does not result in execution would crash the application due to memory corruption, resulting in a denial-of-service condition.