The VoIP Mag

If you're new here, you may want to subscribe to our RSS feed. So that you can read the latest updates about VoIP Technology, Providers, VoIP Hardware, our Reviews or Price Comparisons for You to save and many more. Thanks for visiting The New VoIP Magazine!

Late on Friday, July 11, Mu Dynamics announced it had
discovered a vulnerability in ReSIProcate that could affect several VoIP
products.

ReSIProcate is a SIP stack and the advisory applies to any
product using repro SIP proxy/registrar 1.3.2; any product using the
ReSIProcate stack 1.3.2 may also be vulnerable.  A malformed INVITE or OPTIONS message to the
“repro” SIP proxy/registrar can crash the process; the fix is to
update to version 1.3.3 issued on July 3, 2008.

Exactly how vulnerable current VoIP deployments are to the vulnerability
is an open question; the advisory says the bug was fixed by the ReSIProcate
development team in a revision sent out on April 23 and the ReSIProcate development
team issued a formal bug fix on July 3.  There
is also not a laundry list of commercial and/or open source vendors incorporating
reSIProcate into their products.

For more:
- MarketWatch runs MuDynamics
security notification
- reSIProcate project website

Related articles:
Avaya, Cisco and Nortel Patching
VoIP ASAP
Newport
Networks Riles Up VoIP
Security Fears