SIP: WWW-Authenticate Header "qop" Parameter Overflow

This signature detects a maliciously crafted Session Initiation Protocol (SIP) request containing a malformed WWW-Authenticate header parameter. An overly large "qop" parameter can be designed to exploit a buffer overflow condition in a device that handles the SIP protocol.

Extended Description

Successful exploitation would allow for arbitrary code injection and execution with the privileges of the currently logged in user. Code injection that does not result in execution would crash the application due to memory corruption and would result in the denial of service condition.

Short Name
VOIP:SIP:OVERFLOW:QPOP-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
VOIP
Keywords
"qop" Header Overflow Parameter WWW-Authenticate
Release Date
06/29/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown

Found a potential security threat?