[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040217213210.GA3816@deneb.enyo.de>
Date: Tue, 17 Feb 2004 22:32:10 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: 3APA3A <3APA3A@...URITY.NNOV.RU>
Cc: Gadi Evron <ge@...tistical.reprehensible.net>, bugtraq@...urityfocus.com,
full-disclosure@...ts.netsys.com, Zak Dechovich <ZakGroups@...ureol.com>
Subject: Re: ASN.1 telephony critical infrastructure warning - VOIP
3APA3A wrote:
> ASN.1 is used by many services, but all use different underlying
> protocols. It's not likely NetMeeting or MS ISA server to be primary
> attack targets. Attack against MS IPSec implementation, Exchange,
> SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP
> infrastructure (except connectivity degradation because of massive
> traffic).
I wish your assessment were true, but it's not. Cisco Call Manager is
based on Windows, and Cisco still has to certify the patches Microsoft
released.
It's sad that Microsoft apparently hasn't used those six months to
properly coordinate the issue with OEM vendors.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists