| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Feb 2004 11:54:37 -0800 From: RJ Auburn <rj@...eo.com> To: Gadi Evron <ge@...tistical.reprehensible.net> Cc: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>, Zak Dechovich <ZakGroups@...ureol.com> Subject: Re: ASN.1 telephony critical infrastructure warning - VOIP I would say that this is somewhat misleading. First of all not all VoIP services use ASN.1 encoding for the protocol. While H.323 does SIP does not. Additionally I suspect that not many of the carrier deployment of H.323 are using the MS ASN.1 libs as most of them are unix based (many of them will be running SPARC/Solaris). Now that being said if companies are allowing VoIP to the desktop for services like netmeeting there could be problems. RJ --- RJ Auburn CTO, Voxeo Corporation tel:+1-407-418-1800 On Feb 17, 2004, at 07:37, Gadi Evron wrote: > I apologize, but I am using these mailing lists to try and contact the > different */CERT teams for different countries. > > As we all know, ASN.1 is a new very easy to exploit vulnerability. It > attacks both the server and the end user (IIS and IE). > > We expect a new massive worm to come out exploiting this vulnerability > in the next few days. > > Why should this all interest you beyond it being the next blaster? > > ASN is what VOIP is based on, and thus the critical infrastructure for > telephony which is based on VOIP. > > This may be a false alarm, but you know how worms find their way into > every network, private or public. It could (maybe) potentially bring > the system down. > > I am raising the red flag, better safe than sorry. > > The two email messages below are from Zak Dechovich and myself on this > subject, to TH-Research (The Trojan Horses Research Mailing List). The > original red flag as you can see below, was raised by Zak. Skip to his > message if you like. > > Gadi Evron. > > > > Subject: [TH-research] */CERT people: Critical Infrastructure and > ASN.1 - VOIP [WAS: Re: > [TH-research] OT: naming the fast approaching ASN.1 worm] > > Mail from Gadi Evron <ge@...uxbox.org> > > All the */CERT people on the list: > If you haven't read the post below, please do. > > Anyone checked into the critical infrastructure survivability of an ASN > worm hitting? phone systems could possibly go down. We all know how > worms find their way into any network, private or otherwise. and VOIP > systems (which phone systems are based on nowadays) could go down. > > Heads-up! Finds them contingency plans.. :o) > > Any information would be appreciated, or if you need more information > from us: +972-50-428610. > > Gadi Evron. > > > Zak Dechovich wrote: > > > Mail from Zak Dechovich <ZakGroups@...UREOL.COM> > > > > May I suggest the following: > > > > ASN1 is mainly used for the telephony infrastructure (VoIP), > > any code that attacks this infrastructure can be assigned with 'VoIP' > > prefix, followed by the attacked vendor (cisco, telrad, microsoft, > etc.). > > > > for example, if (when) Microsoft's h323 stack will be attacked, the > name > > should be VoIP.ms323.<variant>, or if Cisco's gatekeepers will > crash, lets > > call it VoIP.csgk.<variant> > > > > Your thoughts ? > > > > Zak Dechovich, > > > > Zak Dechovich, > > Managing Director > > SecureOL Ltd. > > Mobile: +972 (53) 828 656 > > Office: +972 (2) 675 1291 > > Fax: +972 (2) 675 1195 > > - > TH-Research, the Trojan Horses Research mailing list. > List home page: http://ecompute.org/th-list > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists