Cisco IOS SIP报文处理远程拒绝服务漏洞

Cisco IOS是Cisco网络设备所使用的操作系统。 运行IOS且支持语音通讯的Cisco设备默认下启用了SIP，但可能没有正确配置。如果向这样的设备发送特制的SIP报文的话，就可能导致设备重启。 Cisco IOS 12.4 Cisco IOS 12.3 临时解决方法： * 关闭SIP处理 Enter configuration commands, one per line. End with CNTL/Z. Router(config)#sip-ua Router(config-sip-ua)#no transport udp Router(config-sip-ua)#no transport tcp Router(config-sip-ua)#end * 控制面整型，在网络中应用以下CoPP示例： !-- Permit all TCP and UDP SIP traffic sent to all IP addresses !-- configured on all interfaces of the affected device so that it !-- will be policed and dropped by the CoPP feature access-list 100 permit tcp any any eq 5060 access-list 100 permit udp any any eq 5060 !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4 !-- traffic in accordance with existing security policies and !-- configurations for traffic that is authorized to be sent !-- to infrastructure devices ! !-- Create a Class-Map for traffic to be policed by !-- the CoPP feature class-map match-all drop-sip-class match access-group 100 !-- Create a Policy-Map that will be applied to the !-- Control-Plane of the device policy-map drop-sip-traffic class drop-sip-class drop !-- Apply the Policy-Map to the Control-Plane of the !-- device control-plane service-policy input drop-sip-traffic 厂商补丁： Cisco ----- Cisco已经为此发布了一个安全公告（cisco-sa-20070131-sip）以及相应补丁: cisco-sa-20070131-sip：SIP Packet Reloads IOS Devices Not Configured for SIP 链接：<a href="http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml" target="_blank">http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml</a>