Topic : Nortel IP Phone forced re-authentication

SecurityAlert : 3274
CVE : CVE-2007-5640
SecurityRisk : Medium
Remote Exploit : Yes
Local Exploit : No
Exploit Given : No
Credit : Daniel Stirnimann
Published : 23.10.2007
Affected Software : Nortel IP Phone

Advisory Text :

#############################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#############################################################
#
# Product: IP Phone
# Vendor: Nortel
# Subject: IP Phone forced re-authentication
# Risk: High
# Effect: Currently exploitable
# Author: Daniel Stirnimann (daniel.stirnimann (at) csnc (dot) ch)
# Date: October, 18th 2007
#
#############################################################

Introduction:
-------------

The UNIStim signaling protocol is vulnerable to spoofed
re-authentication messages. A malicious user can send spoofed registration
messages to the server to which a UNIStim IP phone is connected. This can
force the legitimate IP phone into a situation where it must re-register
with the server to maintain service. A continuous stream of these messages
prevents the IP phone from properly registering.

Nortel has noted this as:

Title: DoS Potential Vulnerability - UNIStim IP Phone Forced to Re-register
Number: 2007008385
http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY
Vulnerable:
-----------

Nortel IP Phone 1140E
IP Softphone 2050
and others.

See associated products on the Nortel advisory.

Vulnerability Management:
-------------------------

June 2007: Vulnerability found
June 2007: Nortel Security notified
October 2007: Nortel Advisory & Patches available
October 2007: Compass Security Information

Remediation:
------------

Follow the recommended actions for the affected systems, as identified in
the Nortel Advisory.

Technical Description:
----------------------

A malicious user can send a resume message to the signaling server to which
an IP phone is connected. The resume message is a UNIStim UDP datagram. To
determine which IP phone wants to resume the connection, the signaling
server reads the source IP address from the UDP datagram and uses it to
identify the client. That means we can send a spoofed resume UNIStim UDP
datagram.

The server sends the new sequence number back to the IP phone. However,
because we spoofed the above message, we don't see the response. The effect
is that the IP phone is out of sync with the server. During this time, the
IP phone cannot take or make any calls. As soon as the IP phone realizes
that it is out of sync (watchdog timeout expired), it will re-authenticate
against the signaling server. Note that if the malicious user continues to
send spoofed resume messages, the hard phone will not be able to go online.
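Detection sketch for the behaviour described above, as an added example that is not part of the Compass or Nortel advisory: it flags phone IPs that show either a burst of resume messages or repeated resume-then-re-register cycles. The event record layout, thresholds, timings and addresses are constructed assumptions, since the advisory gives no message format or watchdog timing.

```python
from collections import defaultdict, deque

# Assumed tuning values; the advisory gives no timings or rates.
WINDOW_S = 60      # sliding window in seconds
MAX_RESUMES = 3    # resume messages tolerated per phone IP per window
MAX_CYCLES = 2     # resume -> re-register cycles tolerated per window

def find_forced_reauth(events, window=WINDOW_S,
                       max_resumes=MAX_RESUMES, max_cycles=MAX_CYCLES):
    """Return {phone_ip: reason} for source IPs showing the advisory's pattern.

    events: time-ordered (timestamp_s, src_ip, kind) tuples, where kind is
    "resume" or "register". This record layout is hypothetical, e.g. derived
    from signaling-server logs or a capture in front of the server.
    """
    resumes = defaultdict(deque)  # ip -> times of recent resume messages
    cycles = defaultdict(deque)   # ip -> times of re-registers after a resume
    pending = set()               # ips whose last resume had no register yet
    alerts = {}
    for ts, ip, kind in events:
        for q in (resumes[ip], cycles[ip]):   # expire entries outside window
            while q and ts - q[0] > window:
                q.popleft()
        if kind == "resume":
            resumes[ip].append(ts)
            pending.add(ip)
            if len(resumes[ip]) > max_resumes:
                alerts.setdefault(ip, "resume flood")
        elif kind == "register" and ip in pending:
            pending.discard(ip)
            cycles[ip].append(ts)
            if len(cycles[ip]) > max_cycles:
                alerts.setdefault(ip, "repeated resume/re-register cycle")
    return alerts

# Constructed sample events (documentation addresses, invented timings).
SAMPLE_EVENTS = [
    (0, "192.0.2.21", "register"),    # normal start-up
    (100, "192.0.2.22", "resume"), (115, "192.0.2.22", "register"),
    (116, "192.0.2.22", "resume"), (131, "192.0.2.22", "register"),
    (132, "192.0.2.22", "resume"), (147, "192.0.2.22", "register"),
    (200, "192.0.2.23", "resume"), (201, "192.0.2.23", "resume"),
    (202, "192.0.2.23", "resume"), (203, "192.0.2.23", "resume"),
    (500, "192.0.2.21", "resume"),    # single resume, no alert
]

if __name__ == "__main__":
    for ip, reason in find_forced_reauth(SAMPLE_EVENTS).items():
        print(ip, reason)
```

Because the server identifies the client by the datagram's source IP, a flagged address is the affected phone's, not the sender's; locating the real origin needs link-layer or ingress-filter data.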

Reference:

http://www.csnc.ch/static/advisory/secadvisorylist.html




