lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20071119071529.12385.qmail@securityfocus.com>
Date: 19 Nov 2007 07:15:29 -0000
From: daniel.stirnimann@...c.ch
To: bugtraq@...urityfocus.com
Subject: Alcatel OmniPCX Enterprise VoIP Vulnerability

#################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#################################################
#
# Product: OmniPCX Enterprise
# Vendor:  Alcatel
# Subject: VoIP Phone Audio Stream Rerouting Vulnerability
# Risk     High
# Effect   Currently exploitable
# Author:  Daniel Stirnimann (daniel.stirnimann (at) csnc (dot) ch)
# Date:    November, 19th 2007
#
#################################################

Introduction:
-------------
If a malicious user sends a TFTP request to the
signaling server with the MAC address of the
victim’s VoIP phone as part of the file name, he
is able to reroute only the audio stream coming
from the other end of the call to his computers IP
address.
Even though an Alcatel VoIP phone can make or take
calls, and send audio, it is prevented from hearing anything said at the other end of the
communication. The VoIP phone needs to be rebooted
manually in order to work again.

This vulnerability may be further exploited by
rerouting the audio stream to the victim’s VoIP
phone again. This would only allow the malicious
user to eavesdrop on half of the victim's audio
communication: what the victim says is not
intercepted, only on the answers made by the other
party would be overheard. Note, this scenario has
not been verified.

Vulnerable:
-----------
Alcatel OmniPCX Enterprise release 7.1 and earlier

Not vulnerable:
---------------
Alcatel OmniPCX Enterprise release 8.0

Vulnerability Management:
-------------------------
June 2007:     Vulnerability found
June 2007:     Alcatel Security notified
November 2007: Alcatel Advisory available
November 2007: Alcatel Security Information

Alcatel-Lucent information:
---------------------------
http://www1.alcatel-lucent.com/psirt/statements.htm
Number 2007004

Reference:
http://www.csnc.ch/static/advisory/secadvisorylist.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ