| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Feb 2011 09:21:30 -0500 From: Patrick Kelley <psworn@...il.com> To: bugtraq@...urityfocus.com Subject: DoS Condition with Altigen VoIP Phone Systems If you run a NMAP network scan against the IP of the phone server, it will crash the Altigen's Gateway service, rendering the system useless until rebooted. All information saved in the phone system at the time is lost. Port 5061 crashes due to HEAP Overflow. Following message: Application popup: Microsoft Visual C++ Debug Library : Debug Error! Program: C:\AltiServ\Exe\altigateway.exe HEAP CORRUPTION DETECTED: after Normal block (#13414021) at 0x08E1C270. CRT detected that the application wrote to memory after end of heap buffer. Specifics: ANY workstations running NMAP on the LAN with knowledge of the phone system's IP address. Special permissions are not needed. Crash occurs with 15 seconds of scanning on a 100 Mb line. Exploitation: This is remotely exploitable from anywhere on the Internet with access to ANY Altigen service port. Platform: Windows Server 2008, fully updated, firewall enabled with ports opened for Altigen services. Solution: Vendor is releasing patch for this issue in next revision. Binding outbound traffic to just PRI/Trunk seems to mitigate the issue.
Powered by blists - more mailing lists