JPCERT-AT-2007-0003
                                                             JPCERT/CC
                              January 31, 2007 (Original release date)

                  <<< JPCERT/CC Alert 2007-01-31 >>>

                SIP packets vulnerability in Cisco IOS

              http://www.jpcert.or.jp/at/2007/at070003.txt

I. Overview

  Cisco IOS, supporting voice services, contains a vulnerability in
the processing of SIP packets. SIP features for relevant versions of
Cisco IOS are enabled by default, and if the default settings are not
changed properly, a remote attacker could perform a Denial of Service
(DoS) attack.

  This problem can be solved by updating to the fixed versions of IOS
provided by Cisco Systems or by implementing workarounds available
from the following URL:

    Cisco Security Advisory:
    SIP Packet Reloads IOS Devices Not Configured for SIP
    http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml


II. Systems Affected

  For more information on the versions of Cisco IOS software that are
affected by this vulnerability, refer to the advisories released by
Cisco Systems.


III. Solution

  To fix these problems, apply the patches provided by Cisco Systems,
control access, or stop services as needed. For more information,
refer to the advisories and other information released by Cisco
Systems.


IV. Reference Information

    Cisco Security Advisory:
�@�@SIP Packet Reloads IOS Devices Not Configured for SIP
    http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml

    Cisco Applied Intelligence Response:
    Identifying and Mitigating Exploitation of the SIP Packet Reloads
    IOS Devices Not Configured for SIP Vulnerability
    http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtml


  If you have any information regarding this matter, please contact
us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/