VoIP
Title:
======
Phonalisa v5.0 VoiP - Multiple Web Vulnerabilities
Date:
=====
2012-06-16
addressed in this advisory.
There are no workarounds available to mitigate the effects of any of
the vulnerabilities apart from disabling the protocol or feature
itself, if administrators do not require the Cisco IOS device to
provide voice over IP services.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml
Note: The September 24, 2008 IOS Advisory bundled publication
#
#################################################
#
# Product: OmniPCX Enterprise
# Vendor: Alcatel
# Subject: VoIP Phone Audio Stream Rerouting Vulnerability
# Risk: High
# Effect: Currently exploitable
# Author: Daniel Stirnimann (daniel.stirnimann (at) csnc (dot) ch)
# Date: November, 19th 2007
#
- Jason Medeiros, The Last Stand: 100% Automatic 0day, Achieved,
Explained, and Demonstrated.
- Alexander Lash, CDMA Unlocking and Modification
- Kevin Bauer, Damon McCoy, BitBlender: Providing Lightweight
Anonymity for BitTorrent
- Jason Ostrom, John Kindervag, VoIP Penetration Testing: Lessons
Learned, Tools and Techniques
- Deviant Ollam, Beating Back the Physical Security Boogeyman: How to
Stop Fearing Things That Go Bump in the Night
- Nathan Rittenhouse, Byakugan: Automating Exploitation
- Richard Rushing, Hotspot Analysis: Looking at Hotspots with a Magnifying Glass
==============================================================
Secur-I Research Group Security Advisory [ SV-2012-005]
==============================================================
Title: Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability
Product: Yealink Easy VOIP Phone
Homepage: http://www.yealink.com/
Impact: Medium
Authentication: Required
CVE: CVE-2012-1417
Cisco Multiservice IP-to-IP Gateway) is a special Cisco IOS Software
image that runs on Cisco multiservice gateway platforms. It provides
a network-to-network interface point for billing, security, call
admission control, quality of service, and signaling interworking.
Cisco Unified Border Element feature requires the "voice service voip"
command and the "allow-connections" subcommand. An example of an
affected configuration is as follows:
voice service voip
allow-connections from-type to to-type
is running Cisco IOS Software to reload.
Cisco has released free software updates that address this
vulnerability. There are no workarounds to mitigate the vulnerability
apart from disabling H.323 if the device that is running Cisco IOS
Software does not need to run H.323 for VoIP services.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml
Ionix Service Assurance Management Suite (Ionix SAM) 8.1.0.6 and earlier
Ionix Storage Insight for Availability Suite (Ionix SIA) 2.3.1 and earlier
Ionix VoIP Availability Management Suite (Ionix VoIP AM) 4.0.0.3 and earlier
Vulnerability Summary:
The affected EMC Ionix products contain a buffer overflow vulnerability which can be exploited to cause a denial of service or, possibly, arbitrary code execution.
tones, IVRs, and forwarders. WarVOX provides the unique ability to
classify all telephone lines in a given range, not just those connected
to modems, allowing for a comprehensive audit of a telephone system.
WarVOX requires no telephony hardware and is massively scalable by
leveraging Internet-based VoIP providers. A single instance of WarVOX on
a residential broadband connection, with a typical VoIP account, can
scan over 1,000 numbers per hour. The speed of WarVOX is limited only by
downstream bandwidth and the limitations of the VoIP service. Using two
providers with over 40 concurrent lines we have been able to scan entire
10,000 number prefixes within 3 hours.
Introduction:
=============
Designed to enable seamless voice and video communication, the CudaTel Communication Server is an easy-to-use,
affordable, next-generation phone system for businesses. CudaTel Communication Server's enterprise-class
feature set includes Voice over IP (VoIP) PBX services, conferencing, follow-me, automated attendant services,
and more, controlled by an easy-to-use Web interface. CudaTel Communication Server is compatible with any SIP
device and provider, and can be pre-configured for use with both analog and digital telephone networks. Powerful,
Complete Solution With an expansive feature set and no per user or phone licensing fees, the CudaTel
Communication Server is equipped and priced for organizations of any size. Native High Definition audio support
and integrated phone line (TDM) hardware produces an unparalleled audio experience. VOIP encryption protects calls
The BT Home Hub, which is probably the most popular home router in the
UK, is susceptible to critical vulnerabilities.
BT's plan is to sneak one of these boxes into every UK home. Not only
does the BT Home Hub support broadband but also VoIP (BT Broadband
Talk), UMA mobile telephony (BT Fusion), and digital TV (BT Vision).
Additionally, BT will give users the option to use their BT Home Hub to
join FON, a community-shared Wi-Fi. An unofficial source has reported
to us that there are 2+ million BT Home Hub users in the UK.
• Web services
• PHP
• .Net
• Web applications
Networking/Telecommunication
• VoIP
• 3G/3.5G network
• IPv6
• WLAN/WiFi
• GPRS
Malware
=======
Cisco Unified Communications Manager (CUCM) is the call processing
component of the Cisco IP telephony solution that extends enterprise
telephony features and functions to packet telephony network devices,
such as IP phones, media processing devices, voice-over-IP (VoIP)
gateways, and multimedia applications.
When a CUCM server is deployed in secure mode, a Certificate Trust
List (CTL) is used by Cisco Unified IP Phone devices to verify the
identity of CUCM servers. The CTL contains public keys and other
=======
Cisco Unified Communications Manager is the call processing component
of the Cisco IP Telephony solution that extends enterprise telephony
features and functions to packet telephony network devices, such as
IP phones, media processing devices, voice-over-IP (VoIP) gateways,
and multimedia applications.
Certificate Trust List Provider Related Vulnerabilities
The Certificate Trust List (CTL) Provider service of Cisco Unified
=======
Cisco Unified CallManager/Communications Manager (CUCM) is the call
processing component of the Cisco IP telephony solution which extends
enterprise telephony features and functions to packet telephony network
devices such as IP phones, media processing devices, voice-over-IP
(VoIP) gateways, and multimedia applications.
The cross-site scripting vulnerability and the SQL injection
vulnerability are triggered when a specially crafted value is entered
in the lang variable of either the admin or user logon pages. Attacks
Cisco Unified Communications Manager Express, such as ephones, will
automatically start the SIP process when they are configured, which
could cause the affected device to start processing SIP messages. An
example of an affected configuration follows:
dial-peer voice <Voice dial-peer tag> voip
...
!
In addition to inspecting the Cisco IOS device configuration for a
"dial-peer" command that causes the device to process SIP messages,
- Reverse engineering (malicious code analysis technique,
vulnerability research)
- Traffic analysis
- Intrusion detection and anti-detection technique
--- Wireless & VoIP security
- 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS
- PDA & mobile protocol analysis
- Palm, Pocket Pc
- Wireless gateway
- VoIP security & vulnerability analysis
>> - Reverse engineering (malicious code analysis technique,
>> vulnerability research)
>> - Traffic analysis
>> - Intrusion detection and anti-detection technique
>>
>> --- Wireless & VoIP security
>> - 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS
>> - PDA & mobile protocol analysis
>> - Palm, Pocket Pc
>> - Wireless gateway
>> - VoIP security & vulnerability analysis
* Call Jacking: Phreaking the BT Home Hub *
OK, this is a bit of a funny attack - although it could also be used
for criminal purposes! After playing with the BT Home Hub for a while
(again!) [1], pdp and I discovered that attackers can steal/hijack
VoIP calls. Let me explain …
In summary, if the victim visits our evil proof-of-concept webpage,
his/her browser sends a HTTP request to the BT Home Hub's web
interface. After this, the Home Hub starts a VoIP/telephone connection
to the recipient's phone number specified in the exploit page. This is
The server is vulnerable to a Denial of Service attack (crash) caused by
the access to a NULL pointer.
The problem happens in the GetMagicNumberString function which takes
the third byte of the data received from the client on the VOIP port
52999 and returns a text string if this value is valid ("ABC" for type
0, "DEF" for 1, "GHI" for 2 and so on) or NULL if it's invalid.
Then the string returned by this function is compared with another one
and here happens the NULL pointer access.
J. Oquendo wrote:
> orsino wrote:
>> There's a difference between being able to get onto a network (via wifi
>> maybe?) and getting physical access to a device.
>
> For starters this is a VoIP device (Product Name: SPA-2102), but
> even if it weren't it makes no difference to me and in the security
> realm it shouldn't make a difference to anyone else either.
>
> 1) I don't have an open network and if you do and are on this list it's
> either going to be a honeypot or for theft of information (bad guys
Communications Manager Express, such as ePhones, once configured will
also automatically start the SIP process, which will cause the device
to start processing SIP messages. An example of an affected
configuration follows:
dial-peer voice <Voice dial-peer tag> voip
...
!
In addition to inspecting the Cisco IOS device configuration for a
"dial-peer" command that causes the device to process SIP messages,
Vulnerability Discovery Demystified Mark Dowd and Justin Schuh
The Exploit Laboratory - Advanced Edition Saumil Shah
Advanced Honeypot Tactics Thorsten Holz
Mastering the network with Scapy Philippe Biondi
Voice over IP (VoIP) Security Nico Fischbach
Practical 802.11 WiFi (In)Security Cédric Blancher
Advanced Linux Hardening Andrea Barisani
Defend The Flag Microsoft
--
- Real-time data structure recovery
- Reverse engineering (malicious code analysis technique, vulnerability research)
- Intrusion detection and anti-detection technique
- Traffic analysis
--- Wireless & VoIP security
- 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS
- PDA & mobile protocol analysis
- Palm, Pocket Pc
- Wireless gateway
- VoIP security & vulnerability analysis
Communications Manager Express, such as ePhones, will also
automatically start the SIP process when they are configured, causing
the device to start processing SIP messages. An example of an
affected configuration follows:
dial-peer voice <Voice dial-peer tag> voip
...
!
In addition to inspecting the Cisco IOS device configuration for a
dial-peer command that causes the device to process SIP messages,
> - Reverse engineering (malicious code analysis technique,
> vulnerability research)
> - Traffic analysis
> - Intrusion detection and anti-detection technique
>
> --- Wireless & VoIP security
> - 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS
> - PDA & mobile protocol analysis
> - Palm, Pocket Pc
> - Wireless gateway
> - VoIP security & vulnerability analysis