Last Updated: 2007-02-10 23:59:39 UTC
by Koon Yaw Tan (Version: 1)
Cisco has updated its security advisory on the recent issue in which some affected versions of Cisco IOS can be crashed by certain crafted SIP packets destined to port 5060. The issue is compounded by a related bug that allows traffic to TCP port 5060 and UDP port 5060 on devices not configured for SIP.
Cisco also reported that some data streams could appear to trigger the vulnerability unintentionally.
Cisco IOS SIP Packet Handling Remote Denial Of Service Vulnerability
Bugtraq ID: 22330
Class: Failure to Handle Exceptional Conditions
Cisco IOS is prone to a denial-of-service vulnerability.
This issue affects only devices that support voice communications but don't have SIP enabled.
Attackers can exploit this issue to reload a vulnerable device.
IOS releases subsequent to 12.3(14)T, 12.3(8)YC1, and 12.3(8)YG are vulnerable. All 12.4 releases are affected as well.
Updated: Feb 10 2007 07:37AM
Credit: The vendor disclosed this issue.