SIP: MultiTech VoIP Gateway Invite Overflow
This signature detects attempts to exploit a known vulnerability in MultiTech's VoIP Gateway product. Sending an overly long INVITE request to a MultiTech VOIP Gateway can cause either a denial of service (DoS) or can allow an attacker to take control of the gateway with the priviledges of the gateway process. Patches are available. This signature can trigger on non-malicious sessions from devices that send extra data. Use this signature only if you have a MultiTech VOIP Gateway installed in your network.
Extended Description
MultiTech MultiVOIP devices are prone to a remotely exploitable buffer overflow vulnerability. Successful exploitation could result in a denial of service or potential arbitrary code execution. This vulnerability may also be present in third-party devices that implement the MultiTech VOIP Gateway and protocol stack.
Affected Products
Multitech multivoip
References
BugTraq: 15711
CVE: CVE-2005-4050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4050 http://www.frsirt.com/english/advisories/2005/2781
Short Name
VOIP:SIP:MULTI-TECH-INVITE-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
VOIP
Keywords
CVE-2005-4050 Gateway Invite MultiTech Overflow VoIP bid:15711
Release Date
03/16/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Multitech
CVSS Score
7.5