TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
850
Signature ID: 34853
Remote eavesdropping with SIP Phone GXV-3000 vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4498 Bugtraq: 25399
Signature Description: Grandstream Networks is a leading designer and manufacturer of innovative, affordable, and
high quality IP voice and video products for the worldwide broadband telephony market. Grandstream SIP Phone
GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 is vulnerable to a denial of service, caused by
improper handling of the state engine in the SIP stack. After sending two messages specially crafted sequence of
INVITE and followed by a certain 183 Session Progress response message, remote attacker could eavesdrop and obtain
sensitive information or cause a denial of service. This signature give alert for 183 Session Progress response message
from UAS to UAC when the device using UDP for transport. Upgrade version 1.0.1.12 version available at
Grandstream Web site.
Signature ID: 34855
Remote eavesdropping with SIP Phone GXV-3000 vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4498 Bugtraq: 25399
Signature Description: Grandstream Networks is a leading designer and manufacturer of innovative, affordable, and
high quality IP voice and video products for the worldwide broadband telephony market. Grandstream SIP Phone
GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 is vulnerable to a denial of service, caused by
improper handling of the state engine in the SIP stack. After sending two messages specially crafted sequence of
INVITE and followed by a certain 183 Session Progress response message, remote attacker could eavesdrop and obtain
sensitive information or cause a denial of service. This signature give alert for 183 Session Progress response message
from UAS to UAC when the device using TCP for transport. Upgrade version 1.0.1.12 version available at
Grandstream Web site.
Signature ID: 34856
DOS vulnerability on Thomson SIP phone ST 2030 using the VIA Header
Threat Level: Warning
Industry ID: CVE-2007-4553 Bugtraq: 25446
Signature Description: Thomson ST2030 IP Phone is a hardphone, which uses the Session Initiation Protocol (SIP)
protocol. It will send an INVITE message which is used to initiate and maintain a communication session. Thomson
SpeedTouch 2030 VoIP phone 1.52.1 version and prior versions also vulnerable. In every SIP message the Via field is
must, this Via header field indicates the transport used for the transaction and identifies the location where the request
is to be sent. The attacker will send a crafted message where the a space is replaced by a slash after the SIP version in
the VIA, when the device receives this crafted message, then the device does not respond to any event provoking a
DoS. This signature particularly for messages from UAC to UAS when the device using UDP for transport. No remedy
is available.
Signature ID: 34857
DOS vulnerability on Thomson SIP phone ST 2030 using the VIA Header
Threat Level: Warning
Industry ID: CVE-2007-4553
Bugtraq: 25446
Signature Description: Thomson ST2030 IP Phone is a hardphone, which uses the Session Initiation Protocol (SIP)
protocol. It will send an INVITE message which is used to initiate and maintain a communication session. Thomson
SpeedTouch 2030 VoIP phone 1.52.1 version and prior versions also vulnerable. In every SIP message Via field must,
this Via header field indicates the transport used for the transaction and identifies the location where the response is to
be sent. The attacker will send a crafted message where the a space is replaced by a slash after the SIP version in the
VIA, when the device receives this crafted message,then the device does not respond to any event provoking a DoS.