SIP: Invalid Character

This anomaly triggers when it detects non-printable ASCII characters in the first line of a Session Initiation Protocol (SIP) request or response.

Extended Description

Many vulnerabilities in Ethereal have been disclosed by the vendor. The reported issues are in various protocol dissectors. These issues include: - Buffer-overflow vulnerabilities - Format-string vulnerabilities - NULL-pointer dereference denial-of-service vulnerabilities - Segmentation fault denial-of-service vulnerabilities - Infinite-loop denial-of-service vulnerabilities - Memory exhaustion denial-of-service vulnerabilities - Double-free vulnerabilities - Unspecified denial-of-service vulnerabilities These issues could allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Attackers could also crash the affected application. Various vulnerabilities affect several versions of Ethereal, from 0.8.14 through to 0.10.10. This BID will be split into individual BIDs for each separate issue. BID 13567 has been created for the DISTCC issue.

Affected Products

Avaya s8500,Suse linux

Short Name
VOIP:SIP:AUDIT:INV-CHARACTER
Severity
Minor
Recommended
False
Recommended Action
None
Category
VOIP
Keywords
CVE-2005-1461 bid:13504 character invalid sip
Release Date
08/30/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Red_hat

Conectiva

Suse

Ethereal_group

Avaya

Sgi

CVSS Score

7.5

Found a potential security threat?