Nortel UNIStim IP Softphone Buffer-Overflow
Oct 18 2007 12:26PM
daniel stirnimann csnc ch
#############################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#############################################################
#
# Product: IP Softphone
# Vendor: Nortel
# Subject: UNIStim IP Softphone Buffer-Overflow
# Risk: High
# Effect: Currently not exploitable
# Author: Cyrill Brunschwiler (cyrill.brunschwiler (at) csnc (dot) ch)
# Date: October, 18th 2007
#
#############################################################
Introduction:
-------------
Flooding a UNIStim IP Softphone on the RTCP port with garbage immediately results in a Microsoft Windows error message, which is most likely caused by memory corruption (buffer overflow).
This vulnerability may be exploitable to gain user privileges on the client workstation and execute malicious commands or code.
Nortel has noted this as:
Title: UNIStim IP Softphone - Potential Vulnerability Due to Buffer Overflow
Number: 2007008382
http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY
Vulnerable:
-----------
IP Softphone 2050
Vulnerability Management:
-------------------------
June 2007: Vulnerability found
June 2007: Nortel Security notified
October 2007: Nortel Advisory available
October 2007: Compass Security Information
Remediation:
------------
According to Nortel the vulnerability is still under investigation.
The Nortel advisory will be reissued if the investigation results in new prevention information.
Reference:
http://www.csnc.ch/static/advisory/secadvisorylist.html
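
As an added example that is not part of the Compass Security or Nortel advisory: a filter or IDS in front of softphone clients can apply the RFC 3550 RTCP header validity checks to datagrams on the RTCP port and flag sources that repeatedly fail them. It assumes the "garbage" fails these checks, which the advisory does not specify; the function names, threshold and sample datagrams are constructed for illustration.

```python
import struct
from collections import Counter

RTCP_TYPES = range(200, 205)  # SR, RR, SDES, BYE, APP (RFC 3550)

def validate_rtcp(datagram: bytes) -> str:
    """Return 'ok' or the reason a UDP payload is not a valid RTCP compound packet."""
    if len(datagram) < 8:
        return "too short"
    if len(datagram) % 4:
        return "length not a multiple of 4"
    offset, first = 0, True
    while offset < len(datagram):
        b0, pt, words = struct.unpack_from("!BBH", datagram, offset)
        if b0 >> 6 != 2:
            return "bad version"
        if pt not in RTCP_TYPES:
            return "unknown packet type"
        if first and pt not in (200, 201):
            return "compound packet does not start with SR/RR"
        if first and b0 & 0x20:
            return "padding bit set on first packet"
        end = offset + 4 * (words + 1)  # length field counts 32-bit words minus one
        if end > len(datagram):
            return "length field overruns datagram"
        offset, first = end, False
    return "ok"

def flag_sources(events, threshold=3):
    """events: iterable of (src_ip, payload). Return sources that sent at
    least `threshold` invalid datagrams (threshold is an assumed value)."""
    bad = Counter(src for src, payload in events if validate_rtcp(payload) != "ok")
    return sorted(src for src, count in bad.items() if count >= threshold)

# Constructed sample data (not captured traffic, not from the advisory).
VALID_RR = bytes.fromhex("80c9000111223344")        # empty receiver report
SDES = bytes.fromhex("81ca00021122334401016100")    # SDES with a one-byte CNAME
SAMPLE = [
    ("192.0.2.20", VALID_RR + SDES),                # well-formed compound packet
    ("192.0.2.10", b"A" * 64),                      # wrong version bits
    ("192.0.2.10", bytes.fromhex("80c9ffff11223344")),  # length field too large
    ("192.0.2.10", b"\x00" * 10),                   # not 32-bit aligned
]

if __name__ == "__main__":
    for src, payload in SAMPLE:
        print(src, validate_rtcp(payload))
    print("flagged:", flag_sources(SAMPLE))
```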
Copyright 2007, SecurityFocus