
Vulnerabilities I Have Discovered

INVITE of Death: This vulnerability allows an attacker to crash the SIP server, causing a remote denial of service (DoS). We launch a novel attack in which we generate non-standard (malformed) SIP messages that are intelligently crafted to exploit vulnerabilities in the SIP parser or a poor implementation of a SIP server. We show that an impostor can, using a malformed packet, overflow specific string buffers, add a large number of token characters, and modify fields in an illegal fashion. As a result, the server is tricked into reaching an undefined state, which can lead to call-processing delays, unauthorized access, and a complete denial of service.

The vulnerability advisory along with proof of concept code can be found here. To read the full research paper click here.
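The INVITE of Death description above names three malformations: oversized strings, long runs of token characters, and illegally modified fields. The following is an added defensive example in C, not the author's code or the advisory's proof of concept: a structural pre-check that a server could run on each received request before its SIP parser touches it. The function names and all size limits are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Limits are assumptions for this example, not values from the advisory. */
enum { MAX_MSG = 8192, MAX_LINE = 1024, MAX_TOKEN = 32, MAX_HEADERS = 64 };
enum sip_check { SIP_OK, SIP_TOO_BIG, SIP_LINE_TOO_LONG, SIP_BAD_START,
                 SIP_BAD_HEADER, SIP_TOO_MANY_HEADERS, SIP_UNTERMINATED };

/* RFC 3261 token: 1..MAX_TOKEN chars, alphanumerics plus - . ! % * _ + ` ' ~ */
static int is_token(const char *s, size_t n) {
    if (n == 0 || n > MAX_TOKEN) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        int alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
                    (c >= 'a' && c <= 'z');
        if (!alnum && (c == 0 || !strchr("-.!%*_+`'~", c))) return 0;
    }
    return 1;
}

/* Structural check run on a received request before the real parser sees it.
   Strict by design: folded headers and spaces before ':' are rejected. */
enum sip_check sip_precheck(const char *msg, size_t len) {
    if (len > MAX_MSG) return SIP_TOO_BIG;
    size_t pos = 0, headers = 0;
    for (int first = 1; ; first = 0) {
        const char *line = msg + pos, *eol = NULL;
        for (size_t i = pos; i + 1 < len; i++)
            if (msg[i] == '\r' && msg[i + 1] == '\n') { eol = msg + i; break; }
        if (!eol) return SIP_UNTERMINATED;
        size_t n = (size_t)(eol - line);
        if (n > MAX_LINE) return SIP_LINE_TOO_LONG;
        pos += n + 2;
        if (first) {  /* Request-Line = Method SP Request-URI SP SIP-Version */
            const char *sp1 = memchr(line, ' ', n);
            if (!sp1 || !is_token(line, (size_t)(sp1 - line))) return SIP_BAD_START;
            const char *uri = sp1 + 1;
            const char *sp2 = memchr(uri, ' ', n - (size_t)(uri - line));
            if (!sp2 || sp2 == uri) return SIP_BAD_START;
            if (n - (size_t)(sp2 + 1 - line) != 7 || memcmp(sp2 + 1, "SIP/2.0", 7))
                return SIP_BAD_START;
            continue;
        }
        if (n == 0) return SIP_OK;  /* blank line ends the header section */
        if (++headers > MAX_HEADERS) return SIP_TOO_MANY_HEADERS;
        const char *colon = memchr(line, ':', n);
        if (!colon || !is_token(line, (size_t)(colon - line))) return SIP_BAD_HEADER;
    }
}
```

A non-`SIP_OK` result means the message is dropped and logged with its reason code instead of being parsed; the check covers requests only and does not replace bounds checking inside the parser itself.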

SMS Black Mamba: (Disclosure Pending)

Copyright © M. Zubair Rafique. All rights reserved.