Vigil@nce - WebSphere AS: denial of service via SIP UTF-8
August 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malformed UTF-8 character during a SIP
session, in order to block the SIP service of WebSphere
Application Server.
Severity: 2/4
Creation date: 01/08/2011
IMPACTED PRODUCTS
– IBM WebSphere Application Server
DESCRIPTION OF THE VULNERABILITY
The WebSphere Application Server product implements a SIP service.
The UTF-8 encoding can be used to represent Unicode characters on
several bytes:
– 1 to 7 bits : 0xxxxxxx
– 8 to 11 bits : 110xxxxx 10xxxxxx
– 12 to 16 bits : 1110xxxx 10xxxxxx 10xxxxxx
– 17 to 21 bits : 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
UTF-8 limits the encoding to 4 bytes and forbids usage of more
bytes than necessary. Bytes starting with bits 111110xx (or
superior bytes) thus cannot be used in a UTF-8 sequence.
However, when the SIP service of WebSphere AS receives a high
UTF-8 byte, it blocks instead of rejecting the sequence.
An attacker can therefore send a malformed UTF-8 character during
a SIP session, in order to block the SIP service of WebSphere
Application Server.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WebSphere-AS-denial-of-service-via-SIP-UTF-8-10882