
Altigen VoIP Phone Systems Nmap Scan Remote Denial of Service Vulnerability

Vulnerable Products

Altigen VoIP Phone System
Altigen AltiServ

Official Information

http://www.securityfocus.com/archive/1/516690

Impact

Successful exploitation of this vulnerability may allow a remote attacker to cause a denial of service (crash) denying service to legitimate users. This vulnerability is patchable.

Risk level

High

Vector

External

Details

The Altigen VoIP Phone System is vulnerable to a denial of service caused by improper handling of inbound traffic on affected devices: the SIP/TLS port (TCP/5061) crashes due to a heap overflow. Running an Nmap network scan against the IP address of the phone server crashes the Altigen Gateway service, rendering the system useless until it is rebooted. All information saved in the phone system at the time is lost. The issue occurs within 15 seconds of scanning on a 100 Mb line. A remote attacker could exploit this vulnerability to crash an affected server, denying service to legitimate users. The vulnerability is remotely exploitable from anywhere on the Internet that has access to the server. Special permissions are not needed.

Fixed Software

The vendor has not currently released a patch for this issue. Binding outbound traffic to just PRI/Trunk seems to mitigate the issue.

Remediation

For comprehensive secure communications and collaboration protection with full stateful firewall inspection, a UC gateway appliance such as one from RedShift is the right approach.

The RedShift Networks UCTM solution provides comprehensive 0-day protection for critical IP Voice, Video, Unified Communications & Collaborative networks and applications. For more information on RedShift Networks, please go to www.redshiftnetworks.com


Cisco Firewall Services Module and ASA 5500 Series Adaptive Security Appliance SCCP Denial of Service Vulnerability

Vulnerable Products

Cisco Firewall Services Module (FWSM) versions 4.1, 4.0, 3.2 and 3.1
Cisco ASA 5500 Series Adaptive Security Appliance versions 8.3, 8.2, 8.1 and 8.0
Cisco ASA 5500 Series Adaptive Security Appliance versions 7.2, 7.1 and 7.0

Official Information

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e148.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14d.shtml

Impact

Successful exploitation of this vulnerability may cause a reload of the affected appliance, causing it to crash and denying service to legitimate users. Repeated exploitation could result in a sustained DoS condition. This vulnerability is patchable.

Risk level

Medium

Vector

External

Details

Cisco ASA 5500 Series Adaptive Security Appliances and Cisco FWSM are vulnerable to a denial of service caused by an error during Skinny Client Control Protocol (SCCP) inspection. Successful exploitation could allow a remote user to cause the target device to reload via a malformed SCCP message. The appliances and Cisco FWSM are vulnerable only when SCCP inspection is enabled.

Only transit traffic can trigger this vulnerability; traffic that is destined to the appliance will not trigger it.

This vulnerability is documented in Cisco bug IDs CSCtl84952 and CSCtg69457 and in CVE-2011-0394.

Fixed Software

Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Vendor fixes available:

| Product | Version | First Fixed Release |
| --- | --- | --- |
| Cisco Firewall Services Module (FWSM) | 4.1 | 4.1(5) |
| Cisco Firewall Services Module (FWSM) | 4.0 | 4.0(15) |
| Cisco Firewall Services Module (FWSM) | 3.2 | 3.2(20) |
| Cisco Firewall Services Module (FWSM) | 3.1 | 3.1(20) |
| Cisco ASA 5500 Series Adaptive Security Appliances | 7.0 | 7.0(8.11) |
| Cisco ASA 5500 Series Adaptive Security Appliances | 7.1 | 7.2(5.1) |
| Cisco ASA 5500 Series Adaptive Security Appliances | 7.2 | 7.2(5.1) |
| Cisco ASA 5500 Series Adaptive Security Appliances | 8.0 | 8.0(5.19) |
| Cisco ASA 5500 Series Adaptive Security Appliances | 8.1 | 8.1(2.47) |
| Cisco ASA 5500 Series Adaptive Security Appliances | 8.2 | 8.2(2.19) |
| Cisco ASA 5500 Series Adaptive Security Appliances | 8.3 | 8.3(1.8) |

Fixed Cisco FWSM software can be downloaded from the Software Center on Cisco.com by visiting http://www.cisco.com/cisco/software/navigator.html 

If SCCP inspection is not required, it can be disabled so the device is no longer affected by the vulnerability. Administrators can disable SCCP inspection by issuing the `no inspect skinny` command in class configuration sub-mode in the policy map configuration. If SCCP inspection is required, there are no workarounds.
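An exposure check that combines the two conditions in this advisory (a release older than the first fixed release for its train, and SCCP inspection still enabled), added here as an example and not taken from the Cisco advisory. The function names and the sample configuration are constructed; the sample uses ASA's default `global_policy` and `inspection_default` names.

```python
import re

# First fixed releases per software train, as listed in this advisory.
FIRST_FIXED = {
    "asa": {"7.0": "7.0(8.11)", "7.1": "7.2(5.1)", "7.2": "7.2(5.1)",
            "8.0": "8.0(5.19)", "8.1": "8.1(2.47)", "8.2": "8.2(2.19)",
            "8.3": "8.3(1.8)"},
    "fwsm": {"4.1": "4.1(5)", "4.0": "4.0(15)", "3.2": "3.2(20)", "3.1": "3.1(20)"},
}

# Constructed sample of the relevant part of a running configuration.
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect skinny
!
service-policy global_policy global
"""

def parse_version(text):
    """'8.2(2.19)' (advisory style) and '8.2(2)19' (show version style) -> (8, 2, 2, 19)."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    return tuple(nums + [0] * (4 - len(nums)))

def skinny_inspection_enabled(running_config):
    """True if a class inside any policy-map still carries 'inspect skinny'."""
    in_policy_map = False
    for line in running_config.splitlines():
        if line and not line[0].isspace():       # a new top-level block starts
            in_policy_map = line.startswith("policy-map")
        elif in_policy_map and re.match(r"\s+inspect skinny\b", line):
            return True
    return False

def assess(platform, version, running_config):
    """Classify a device against the fixed-release table and the workaround."""
    major, minor = parse_version(version)[:2]
    fixed = FIRST_FIXED[platform].get(f"{major}.{minor}")
    if fixed is None:
        return "train not listed in the advisory table"
    if parse_version(version) >= parse_version(fixed):
        return "fixed"
    if not skinny_inspection_enabled(running_config):
        return "unpatched, SCCP inspection disabled (not exposed)"
    return f"VULNERABLE: upgrade to {fixed} or disable SCCP inspection"

if __name__ == "__main__":
    for ver in ("8.2(2)17", "8.2(2)19", "7.1(2)"):
        print(ver, "->", assess("asa", ver, SAMPLE_CONFIG))
```

A device that is unpatched but has inspection disabled still needs the upgrade before SCCP inspection is turned back on.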

Remediation

For comprehensive secure communications and collaboration protection with full stateful firewall inspection, a UC gateway appliance such as one from RedShift is the right approach.

The RedShift Networks UCTM solution provides comprehensive 0-day protection for critical IP Voice, Video, Unified Communications & Collaborative networks and applications. For more information on RedShift Networks, please go to www.redshiftnetworks.com


Cisco TelePresence Multipoint Switch (CTMS) and Recording Server (CTRS) Multiple Vulnerabilities

Vulnerable Products

 

| Vulnerability CVE ID | Affected products |
| --- | --- |
| CVE-2011-0388 | Cisco TelePresence Recording Server versions prior to 1.6.1; Cisco TelePresence Multipoint Switch versions prior to 1.6.0 |
| CVE-2011-0384, CVE-2011-0387, CVE-2011-0389, CVE-2011-0390 | Cisco TelePresence Multipoint Switch versions prior to 1.7 |
| CVE-2011-0383 | Cisco TelePresence Recording Server versions prior to 1.6.1; Cisco TelePresence Multipoint Switch versions prior to 1.6.0 |
| CVE-2011-0382, CVE-2011-0386, CVE-2011-0391, CVE-2011-0392 | Cisco TelePresence Recording Server versions prior to 1.6.1 |

Official Information

http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctms.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctrs.shtml

Impact

Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to execute arbitrary code, gain unauthorized access to the affected device, gain access to sensitive information, and compromise the affected device, denying service to legitimate users. These vulnerabilities are patchable.

Risk level

Medium

Vector

External

Details

Multiple vulnerabilities exist in Cisco TelePresence Multipoint Switch and Recording Server. An external authenticated user can disclose sensitive information, gain escalated privileges and potentially compromise a vulnerable system.

The vulnerabilities are shown in the following table.

| Vulnerability Description | Impact | CVE ID | Cisco Bug ID |
| --- | --- | --- | --- |
| Java Remote Method Invocation (RMI) Denial of Service | Cause a denial of service (memory consumption and web outage) via multiple crafted requests. | CVE-2011-0388 | CSCtg35825 and CSCtg35830 |
| Unauthenticated Java Servlet Access | Execute arbitrary code via a crafted request. | CVE-2011-0384 | CSCtf01253 |
| Unauthorized Servlet Access | Perform certain actions on the system that should be restricted by the attacker's privilege level. | CVE-2011-0387 | CSCtf97164 |
| Real-Time Transport Control Protocol Denial of Service | It could allow an unauthenticated, remote attacker to terminate all active calls on the affected device. | CVE-2011-0389 | CSCth60993 |
| XML-RPC Denial of Service | Terminate all current calls and potentially cause the device to become unusable for future calls. | CVE-2011-0390 | CSCtj44534 |
| Unauthenticated Java Servlet Access vulnerability | Execute arbitrary code and gain access to sensitive information via a crafted request. | CVE-2011-0383 | CSCtf42005 and CSCtf42008 |
| CGI Command Injection vulnerability | Execute arbitrary commands with elevated privileges via a request to TCP 443 in the CGI subsystem. | CVE-2011-0382 | CSCtf97221 |
| XML-RPC Arbitrary File Overwrite with logging data | Obtain full control of the affected device. | CVE-2011-0386 | CSCti50739 |
| Ad Hoc Recording Denial of Service | Cause a denial of service (thread consumption and device outage) via a malformed request, related to an "ad hoc recording" issue. | CVE-2011-0391 | CSCtf97205 |
| Unauthenticated XML-RPC Interface | Perform unspecified actions via a session on TCP port 8080. | CVE-2011-0392 | CSCtg35833 |

Fixed Software

Cisco recommends that customers upgrade all components of the Cisco TelePresence solution to 1.7.1 or later.

| Vulnerability (Cisco Bug ID) | CVE ID | First Fixed Version | Recommended Release |
| --- | --- | --- | --- |
| CSCtg35825 and CSCtg35830 | CVE-2011-0388 | CTRS 1.7.0; CTMS 1.7.0 | 1.7.1 |
| CSCtf01253 | CVE-2011-0384 | CTMS 1.7.0 | 1.7.1 |
| CSCtf97164 | CVE-2011-0387 | CTMS 1.7.0 | 1.7.1 |
| CSCth60993 | CVE-2011-0389 | CTMS 1.7.0 | 1.7.1 |
| CSCtj44534 | CVE-2011-0390 | CTMS 1.7.1 | 1.7.1 |
| CSCtf42005 and CSCtf42008 | CVE-2011-0383 | CTRS 1.6.2; CTMS 1.7.0 | 1.7.1 |
| CSCtf97221 | CVE-2011-0382 | CTRS 1.6.2 | 1.7.1 |
| CSCti50739 | CVE-2011-0386 | CTRS 1.7.1 | 1.7.1 |
| CSCtf97205 | CVE-2011-0391 | CTRS 1.7.0 | 1.7.1 |
| CSCtg35833 | CVE-2011-0392 | CTRS 1.7.0 | 1.7.1 |

There are no workarounds that mitigate these vulnerabilities.

Remediation

For comprehensive secure communications and collaboration protection with full stateful firewall inspection, a UC gateway appliance such as one from RedShift is the right approach.

The RedShift Networks UCTM solution provides comprehensive 0-day protection for critical IP Voice, Video, Unified Communications & Collaborative networks and applications. For more information on RedShift Networks, please go to www.redshiftnetworks.com


Alcatel-Lucent OmniPCX Remote Stack Buffer Overflow Vulnerability

Vulnerable Products

OmniPCX Enterprise: all versions prior to R9.0
OmniPCX Enterprise release R9.0: all versions prior to patch H1.301.50

Official Information

www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf

Impact

Successful exploitation of this vulnerability may allow a remote attacker to trigger a stack-based buffer overflow and execute arbitrary code. Failed exploit attempts will result in a denial of service condition. This vulnerability is patchable.

Risk level

Medium

Vector

External

Details

The Alcatel-Lucent OmniPCX Enterprise Communication Server (CS) is used to process, manage, and log traditional as well as VOIP based telephony.

A buffer overflow vulnerability has been discovered in OmniPCX Enterprise. It is caused by an error in multiple CGI applications that make up the web application: when these CGI applications parse one of the HTTP request parameters, a stack-based buffer overflow results. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code with the privileges of the user 'mtcl', under which the affected service runs.

This vulnerability is documented in CVE-2011-0344.

Fixed Software

Alcatel-Lucent has released patches and upgrades to correct this vulnerability.

| Vulnerable product | First Fixed release |
| --- | --- |
| OmniPCX Enterprise releases prior to R9.0 | Upgrade to release R9.1 |
| OmniPCX Enterprise release R9.0 | Install patch H1.301.50 or upgrade to release R9.1 |

There are no workarounds to mitigate this vulnerability apart from disabling the embedded Web server using the `netadmin` command.

Remediation

For comprehensive secure communications and collaboration protection with full stateful firewall inspection, a UC gateway appliance such as one from RedShift is the right approach.

The RedShift Networks UCTM solution provides comprehensive 0-day protection for critical IP Voice, Video, Unified Communications & Collaborative networks and applications. For more information on RedShift Networks, please go to www.redshiftnetworks.com


Alcatel-Lucent OmniVista 4760 Directory Traversal Vulnerability

Vulnerable Product

OmniVista 4760 in versions R5.0.07.05 and R5.1.06.03.

Official Information

http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf

Impact

Successful exploitation of this vulnerability may allow an attacker to obtain sensitive information using directory-traversal strings. This may aid in further attacks. This vulnerability is patchable.

Risk level

Medium

Vector

External

Details

A directory traversal vulnerability has been identified in Alcatel-Lucent OmniVista 4760, caused by an error in the handling of some HTTP GET variables, which a remote unauthenticated user can exploit to disclose sensitive information. Certain unspecified input is not properly verified before being used to read files. This can be exploited to display the contents of arbitrary files from local resources via directory traversal attacks.

This vulnerability is documented in CVE-2011-0345.

Fixed Software

Alcatel-Lucent has released patches and upgrades to correct this vulnerability.

| Vulnerable product | First Fixed release |
| --- | --- |
| OmniVista 4760 version R5.0.07.05 | Install patch 4760_Patch2_For_R500705c.zip available in Technical Communication TC1428. |
| OmniVista 4760 version R5.1.06.03 | Install patch 4760_Patch4_For_R510603c_Patch3.zip available in Technical Communication TC 1427 |

There are no workarounds to mitigate this vulnerability.

Remediation

For comprehensive secure communications and collaboration protection with full stateful firewall inspection, a UC gateway appliance such as one from RedShift is the right approach.

The RedShift Networks UCTM solution provides comprehensive 0-day protection for critical IP Voice, Video, Unified Communications & Collaborative networks and applications. For more information on RedShift Networks, please go to www.redshiftnetworks.com

 

