HTC HyTN using Windows Mobile 5 PPC and AGEPhone SIP soft phone are vulnerable to malformed delimiter
Overview

AGEPhone installed on a Pocket PC running the Windows Mobile 5 operating system is vulnerable to a specially crafted malformed SIP message sent over a WLAN connection, potentially causing the currently active call to be disconnected.

Impact

Successful exploitation of this vulnerability during an active call disconnects the call. The AGEPhone soft phone exits abnormally and must be restarted.

Description

SIP messages may carry SDP protocol bodies to negotiate session parameters. AGEPhone, which is a popular SIP client for the Windows Mobile 5 Pocket PC operating system, is vulnerable to a malformed SDP delimiter. An attacker can send a specially crafted SIP message with a malformed SDP delimiter which causes the AGEPhone soft phone to exit abnormally. This malformed message makes the phone ring, and when the user accepts the call, AGEPhone exits and must be restarted.

Solution

AGEPhone SIP parser implementations should be patched to check header delimiters. A deep packet inspection device can also be used to detect and drop malformed SIP messages before passing them to the phone.

Vendor Response

ageet Corporation: The vulnerability has been fixed in AGEphone version 1.62, which was released on 16/03/2007 on the vendor's page: http://www.ageet.com/us/download.htm. Users are advised to update to version 1.62 or later.

Microsoft: Windows Mobile code is not vulnerable.

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com
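The delimiter check recommended under Solution can be sketched as follows. This is an added example, not code from ageet or Sipera; the advisory does not say which delimiter was malformed, so it assumes the delimiters RFC 4566 defines (the `=` between type and value, CRLF line endings) plus the empty line between SIP headers and body, and all function names, the length limit and the sample messages are constructed for illustration.

```python
import re

# Added example. One SDP record per RFC 4566: <type letter>=<non-empty value>.
SDP_LINE = re.compile(rb"^[a-z]=[^\r\n\x00]+$")
SDP_TYPE = re.compile(rb"(?im)^(?:content-type|c)[ \t]*:[ \t]*application/sdp")
MAX_LINE = 1024  # assumed policy limit, not taken from the advisory

def split_sip(message: bytes):
    """Split a SIP message into (headers, body) at the first empty line."""
    head, sep, body = message.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no CRLF CRLF between headers and body")
    return head, body

def check_sdp(body: bytes):
    """Return the delimiter problems found in an SDP body (empty list = clean)."""
    problems = []
    if not body.endswith(b"\r\n"):
        problems.append("body does not end with CRLF")
    lines = body.split(b"\r\n")
    if lines[-1] == b"":
        lines.pop()  # drop the empty piece after the final CRLF
    for n, line in enumerate(lines, 1):
        if b"\r" in line or b"\n" in line:
            problems.append(f"line {n}: bare CR or LF")
        elif len(line) > MAX_LINE:
            problems.append(f"line {n}: longer than {MAX_LINE} bytes")
        elif not SDP_LINE.match(line):
            problems.append(f"line {n}: not <type>=<value>")
    return problems

def should_drop(message: bytes) -> bool:
    """Filter decision: drop when framing or SDP delimiters are malformed."""
    try:
        head, body = split_sip(message)
    except ValueError:
        return True
    return bool(SDP_TYPE.search(head)) and bool(check_sdp(body))

# Constructed samples (hypothetical addresses), trimmed to what the check reads.
HEAD = (b"INVITE sip:bob@example.invalid SIP/2.0\r\n"
        b"Content-Type: application/sdp\r\n\r\n")
GOOD = HEAD + (b"v=0\r\no=- 1 1 IN IP4 192.0.2.1\r\ns= \r\n"
               b"c=IN IP4 192.0.2.1\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
BAD = GOOD.replace(b"t=0 0", b"t 0 0")  # one '=' delimiter removed

if __name__ == "__main__":
    for name, msg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "drop" if should_drop(msg) else "pass", check_sdp(split_sip(msg)[1]))
```

The check is deliberately strict: RFC 4566 lets parsers tolerate a bare LF line ending, so a filter placed in front of mixed clients may need to relax that rule to avoid dropping legitimate calls.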