[Asterisk-Users] [Fwd: [SA16438] Grandstream BudgeTone Denial of Service Vulnerability]

Ing CIP Alejandro Celi Mariátegui alex at linux.org.pe
Wed Aug 17 14:13:55 MST 2005




-- 
Ing CIP Alejandro Celi Mariátegui 
<alex at linux.org.pe>


-----Forwarded message-----
From: Secunia Security Advisories <sec-adv at secunia.com>
To: alex at linux.org.pe
Subject: [SA16438] Grandstream BudgeTone Denial of Service Vulnerability
Date: Mon, 15 Aug 2005 12:49:44 +0200


----------------------------------------------------------------------


TITLE:
Grandstream BudgeTone Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA16438

VERIFY ADVISORY:
http://secunia.com/advisories/16438/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

OPERATING SYSTEM:
Grandstream BudgeTone 100 Series SIP Phones
http://secunia.com/product/5537/

DESCRIPTION:
Pierre Kroma has reported a vulnerability in Grandstream BudgeTone
100 Series SIP Phones, which can be exploited by malicious people to
cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing large UDP
datagrams and can be exploited by sending a large UDP datagram (more
than 65534 bytes) to port 5060/udp.

Successful exploitation causes the phone to stop working by aborting
active calls, blanking the display, and making the integrated HTTP
server inaccessible.

The vulnerability has been reported in firmware release 1.0.6.7.
Other versions may also be affected.

SOLUTION:
Use the phones on trusted networks only.

PROVIDED AND/OR DISCOVERED BY:
Pierre Kroma, SySS.

----------------------------------------------------------------------
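
A detection-side sketch for the condition the advisory describes, added here as an example and not part of the Secunia advisory or the forwarded message: a datagram of that size arrives as IP fragments and only the first fragment carries the UDP port, so the check sums fragment extents per datagram before comparing against the advisory's figure. The function names, the documentation addresses (192.0.2.0/24) and measuring size as UDP header plus data are assumptions.

```python
import struct
from collections import defaultdict

SIP_PORT = 5060      # port named in the advisory
SIZE_LIMIT = 65534   # byte figure named in the advisory

def oversize_sip_datagrams(packets, limit=SIZE_LIMIT, port=SIP_PORT):
    """Return (src, dst, ip_id, size) for UDP datagrams to `port` whose
    reassembled size (UDP header + data, an assumption) exceeds `limit`."""
    extent = defaultdict(int)   # (src, dst, id) -> highest byte offset seen
    dport = {}                  # (src, dst, id) -> UDP destination port
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue                      # not IPv4
        ihl = (pkt[0] & 0x0F) * 4
        total_len, ip_id, frag = struct.unpack("!HHH", pkt[2:8])
        if pkt[9] != 17 or ihl < 20 or total_len < ihl:
            continue                      # not UDP, or malformed header
        key = (pkt[12:16], pkt[16:20], ip_id)
        offset = (frag & 0x1FFF) * 8      # fragment offset is in 8-byte units
        extent[key] = max(extent[key], offset + total_len - ihl)
        if offset == 0 and len(pkt) >= ihl + 4:
            dport[key] = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    # Ports are matched only here, so fragment arrival order does not matter.
    return [(".".join(map(str, k[0])), ".".join(map(str, k[1])), k[2], size)
            for k, size in extent.items()
            if dport.get(k) == port and size > limit]

def make_fragment(ip_id, offset, payload_len, more, dport=None):
    """Constructed input: IPv4 header (plus UDP header on a first fragment)
    with the payload cut off, as a short-snaplen capture would record it."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ip_id,
                      flags_off, 64, 17, 0,
                      bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    udp = struct.pack("!HHHH", 40000, dport, 0, 0) if dport else b""
    return hdr + udp

# Constructed sample: one ordinary SIP-sized datagram (id 1) and one whose
# fragment extents add up to more than the advisory's figure (id 2).
SAMPLE = [make_fragment(1, 0, 600, False, dport=5060)]
SAMPLE += [make_fragment(2, off, 1480, True, dport=5060 if off == 0 else None)
           for off in range(0, 65120, 1480)]
SAMPLE.append(make_fragment(2, 65120, 415, False))
```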




