20 March 2007, 15:03
DoS vulnerability in Cisco's SIP telephones
According to a security advisory, Cisco's 7940/7960 SIP telephones can be rebooted with a specially prepared INVITE message. This vulnerability would probably be especially disturbing if the attacker exploited this DoS vulnerability whilst you were making a call.
The problem occurs in the analysis of an sipURI field in the other caller's INVITE message. Devices with firmware version P0S3-07-4-00 are affected, while the vulnerability has been remedied in POS8-6-0. The security advisory contains an exploit of only a few lines written in Perl to demonstrate the vulnerability.
- CISCO Phone 7940 DOS vulnerability, post at Full Disclosure
(ehe)
Print Version | Send by email
| Permalink: http://h-online.com/-732515
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
