[Asterisk-Users] Cisco 7960s

[Erik Anderson]

Sounds like a security issue.  Verify the issue and email

bugtraq at securityfocus.com

Cisco will take a look at it once it hits bugtraq I am sure.

Erik

-----Original Message-----
From: asterisk-users-admin at lists.digium.com
[mailto:asterisk-users-admin at lists.digium.com]On Behalf Of Matthew Hardeman
Sent: Friday, July 11, 2003 3:21 AM
To: asterisk-users at lists.digium.com
Subject: [Asterisk-Users] Cisco 7960s


Cisco should really be ashamed of this product...

While it is physically well constructed, and has excellent sound quality
along with a very pleasant user interface, the device has SERIOUS stability
issues, unless you run your network with an iron fist...

Quite by accident, while configuring my Asterisk system to connect to a
Cisco 7960 via SIP in a standard office PBX type arrangement, I discovered
something interesting...

By screwing around with both the source IP address of a SIP message, along
with certain IP addresses in the SIP message itself, it's quite easy to
crash the Cisco.

In short, it would be trivial to DOS (by forcing continuous crashes and the
subsequent reboots) any Cisco 7960 that you can route UDP packets to...

Matt Hardeman
PaperSoft