[VOIPSEC] Actual Attacks - UA handling
xwang at edgewaternetworks.com
Wed Mar 2 17:32:45 GMT 2005
Mark, here is another URL related issue. Some SIP phones show the
unauthenticated "display name" first then the URL as caller ID. A long
display name will push the URL out of a phone's LCD window. Also, SIP RFC
allows the use of escape char in display name string, although I haven't
seen it actually implemented by many vendors.
Putting together, and with some social engineering skills, a hacker may
launch a low tech but effective attack to an unalerted user.
>Date: Tue, 1 Mar 2005 08:20:59 -0500 (GMT-05:00)
>From: Mark Teicher <mht3 at earthlink.net>
>Subject: RE: [VOIPSEC] Actual Attacks - UA handling
>To: Voipsec at voipsa.org
> <16730194.1109683259760.JavaMail.root at waldorf.psp.pas.earthlink.net>
>Content-Type: text/plain; charset=us-ascii
>Just validating whether a VOIP's implementation allows for buffer overflow
in a URI >over a REGISTER request over UDP is possible.
>Most UA should not accept a malicious request over 255 characters as the
username, but >some of the major player implementations do, and no
configuration option to restrict >>how many characters a UA should accept.
More information about the Voipsec