In association with heise online

07 December 2007, 16:15

DoS vulnerabilities in Nokia N95 and Cisco 7940 IP phone

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to reports, a DoS vulnerability in the Nokia N95 mobile phone can be exploited to cause the device to freeze. It can then only be used again after a reboot. The report suggests that sending a few SIP INVITE packets to the N95's SIP client is enough to cause the phone to enter the abnormal state. By default, however, the SIP client is turned off. The vulnerability was discovered in firmware 12.0.013, but other versions and possibly other Nokia devices are also likely to be affected. According to the report, no statement has been issued by Nokia, although the vendor has been informed about the problem. No patch has been made available so far. Currently, the only workaround is to disable the N95 SIP client.

The authors of the Nokia report have also discovered a DoS vulnerability in the SIP implementation of the Cisco 7940 IP phone. According to their report, the device can be forced to reboot by sending a series of INVITE packets with no user name in the request URI. However, a successful exploit is said to require a valid user ID. The vulnerability has been confirmed for firmware P0S3-08-7-00. No update has yet been made available.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit