|
|
>> Cisco Unified IP Phones Overflow and Denial of Service Vulnerabilities
|
Multiple vulnerabilities have been identified in Cisco Unified IP Phones, which could be exploited by attackers to cause a denial of service or take complete control of an affected device.
The first issue is caused by a buffer overflow error when parsing DNS responses, which could be exploited by attackers to crash an affected device or execute arbitrary code.
The second vulnerability is caused by an error when handling large ICMP echo request packets, which could be exploited to reboot a vulnerable device, creating a denial of service condition.
The third issue is caused by an error when handling a specially crafted HTTP request sent to port 80/TCP, which could be exploited to reboot a vulnerable device, creating a denial of service condition.
The fourth issue is caused by a buffer overflow error in the internal Secure Shell (SSH) server when processing malformed packets, which could be exploited by unauthenticated attackers to crash a vulnerable device or execute arbitrary code.
The fifth vulnerability is caused by a buffer overflow error when handling SIP messages with malformed Multipurpose Internet Mail Extensions (MIME) encoded data, which could be exploited by attackers to crash a vulnerable device or execute arbitrary code.
The sixth issue is caused by a buffer overflow error in the internal telnet server (disabled by default) when processing malformed packets, which could be exploited by attackers to crash a vulnerable device or execute arbitrary code.
The seventh vulnerability is caused by a heap overflow error when handling a malformed challenge/response message from a SIP proxy, which could be exploited by attackers to crash a vulnerable device or execute arbitrary code.
Affected Products
Cisco Unified IP Phone 7906G
Cisco Unified IP Phone 7911G
Cisco Unified IP Phone 7935
Cisco Unified IP Phone 7936
Cisco Unified IP Phone 7940
Cisco Unified IP Phone 7940G
Cisco Unified IP Phone 7941G
Cisco Unified IP Phone 7960
Cisco Unified IP Phone 7960G
Cisco Unified IP Phone 7961G
Cisco Unified IP Phone 7970G
Cisco Unified IP Phone 7971G
Solution
Upgrade to the latest versions :
http://www.cisco.com/pcgi-bin/tablebuild.pl/ip-7900ser?psrtdcat20e2
http://www.cisco.com/pcgi-bin/tablebuild.pl/sip-ip-phone7960?psrtdcat20e2
References
http://www.vupen.com/english/advisories/2008/0543
http://www.cisco.com/warp/public/707/cisco-sa-20080213-phone.shtml
Credits
Vulnerabilities reported by Jon Griffin and Mustaque Ahamad of the School (Computer Science at the Georgia Institute of Technology), Sven Weizenegger (T-Systems), and the vendor.
ChangeLog
2008-02-14 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
