| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJVSNcLoFb0-teTLCLwkR_gwuHqFo1Wm0REoyKyrw1V6YSpujg@mail.gmail.com> Date: Mon, 12 Jan 2015 17:56:43 +0100 From: "kapejod@...glemail.com" <kapejod@...il.com> To: fulldisclosure@...lists.org Subject: [FD] Snom SIP phones denial of service through HTTP Snom SIP phones (www.snom.com) have a builtin HTTP/HTTPS configuration interface, which is enabled by default. By making a single HTTP POST request all available memory (and CPU) can be exhausted, resulting in a reboot of the phone. This even works if the HTTP/HTTPS interface is protected by username and password (probably the credentials are checked a few more lines later when the complete request has been received). Affected models: MP, 3XX, 7XX, 8XX (i didnt have any of the other models to test) Affected firmwares: latest stable, latest beta (most likely some others too) Workaround: Disable HTTP/HTTPS interface completely. Poc: dd if=/dev/zero bs=1M count=32 | curl http://IP_OF_PHONE <http://ip_of_phone/> --data-binary @- P.S. Just if you are wondering.... I did not notify the vendor about this. Almost two years ago i reported multiple vulnerabilities directly to the vendor (including the possibility to install arbitrary software on the device), but not much has changed since then. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists