Net Manager
Network Managing, Engineering and Administration with an eye toward security.

Best practices meets the real world!

Wednesday, January 14, 2004  
Voice over IP Vulnerabilities

CERT has issued an advisory on the VoIP issues here: CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP). Specifically, there are a number of types of vulnerabilities to this issue including DOS, unstable system behaviors and unauthorized privilege escalations. There also is a list of vendors including Cisco, Microsoft, and Nortel. Please note the irony here in that on the CERT page it states: "Microsoft has investigated these issues. The Microsoft SIP client implementation is not affected." While this may be true, their ISA Server has a critical bug that can lead to privilege escalation that's not mentioned here.

posted by David | 1/14/2004 04:09:00 PM


Post a Comment

<< Home

News Links
Blog Links


Reading blogs at work? Click to escape to a suitable site!
Get Firefox

Site Meter

Powered by Blogger