SIP takes a hit

The CERT Coordination Center is warning of a vulnerability that is affecting products using the session initiation protocol (SIP).

CERT said the type of attack against the protocol can range from denial-of-service (DoS) attacks to the ability to execute arbitrary code on systems. However, the firm was not certain of all the products it was affecting.

According to CERT, the Oulu University Secure Programming Group has been examining vulnerabilities related to the SIP protocol. SIP is known as the signalling protocol for voice over IP (VoIP), Internet telephony and instant messaging (IM) applications.

The saving grace for many vendors is that they don’t ship products with the SIP protocol, including Apple Computer Inc., IBM and Hewlett-Packard Inc. Other tech heavyweights, including America Online Inc. and Microsoft Corp. have reported no vulnerabilities to date.

Cisco Systems is addressing the problem across its product line and has released an advisory, which can be found at

CERT is online at

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now