Members Login

Rss Feeds

Get our latest content via RSS feeds.

Report a Vulnerability

Report a vulnerability or exploit that you have found to SecuMania.
vul[at]SecuMania.org

advertise with us

add your link here only ($10/month)

Google PageRank Checker
 

Recommended Links

Most downloaded

Latest Comments

I cant say I feel sorry for him, stupid spammer got what he deserved. We all know how it feels to op...
thanks smiley
hi webmaster,plz help me to find any information about account harvesting and traversal path attack ...
Hello Webmasters My name is Nikolai. I am making an organization for the protection internet users f...
good job you are the best . mgharba talmout :d
Hello, The reported problem has been fixed. Regards, Catalina Danila Online Rent Customer Supp...
Not Vulnerable: Luis Wang netOffice Dwins 1.3.1 visit website http://netofficedwins .sourceforge.ne...
Current version of script corrected. Security patch available to registered users in the user foru...
But i think to protect the password is not needed because it's not used in the SQL-Execute statement...
you may find that your hotfix doesnt stop the password field from having SQL injected into it. This ...

Who's Online

Total: 8
Members: 0 / Guests: 8
No members online

Packet Storm

Links

viralcoders

lzer
Visits today: 49
Visits yesterday: 485
Visits month: 1446
Visits total: 255778
Pages total: 4764580
Crash bug blights Cisco IP phones Print E-mail
0
Wednesday, 22 August 2007
Cisco has advised users to update the firmware on some of its IP phones following the discovery of two security flaws.

A brace of Session Initiation Protocol (SIP) vulnerabilities in Cisco 7940/7960 IP Phones create the potential for hackers to crash - but not to run exploit code - on vulnerable handsets.

SIP is a signalling protocol for VoIP. The protocol can be used to create two-party, multiparty, or multicast sessions.

Cisco IP Phone 7940/7960 SIP firmware versions prior to 8.7(0) are vulnerable to the denial of service attacks, Cisco warns. Users are advised to update their firmware to version 8.7(0), as explained in its advisory here .

More detail on the vulnerabilities can be found in posts (here and here ) to full disclosure mailing lists by the independent security researchers (Radu State, Humberto J Abdelnur, and Olivier Festor) who discovered the bugs. ®


Source: (The Register)
Related stories

  1. AGEphone SIP Packet Handling Buffer Overflow Vulnerability
  2. Avaya agrees offer for Ubiquity Software
  3. Cisco 7940 SIP Phone INVITE Message Remote Denial of Service
  4. Cisco 7940/7960 Phone SIP Invite Remote Denial of Service Vu
  5. Cisco 7940/7960 Phones SIP Message Handling Remote Denial of
  6. Cisco IP Phone 7940 (10 SIP messages) Remote Denial of Servi
  7. Cisco IP Phone 7940 (3 SIP messages) Remote Denial of Servic
  8. Cisco IP Phone 7940 (Reboot) Denial of Service Exploit
  9. Cisco IP Phone 7940 Remote Denial of Service Vulnerability
  10. Cisco IP Phone 7960 Firmware TFTP Authentication Weakness
Set as favorite
Bookmark
Email This
Hits: 694
Comments (0)add
Write comment
quote
bold
italicize
underline
strike
url
image
quote
quote
smile
wink
laugh
grin
angry
sad
shocked
cool
tongue
kiss
cry
smaller | bigger

security image
Write the displayed characters


busy
 
< Prev   Next >
[ Back ]

Polls

How do you rate the SecuMania Security Portal?
 

Latest exploits

Latest vulnerabilities

Security

Spam

Viruses/Malware

Software/Programming

Linux

Microsoft

Technology

Web Design & Development