[asterisk-users] FYI - Polycom SoundPoint IP 301 Denial of Service]
Rich Adamson
radamson at routers.com
Tue Oct 10 07:28:46 MST 2006
FYI.....
TITLE:
Polycom SoundPoint IP 301 Denial of Service
SECUNIA ADVISORY ID:
SA22266
VERIFY ADVISORY:
http://secunia.com/advisories/22266/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
OPERATING SYSTEM:
Polycom SoundPoint IP 301
http://secunia.com/product/12229/
DESCRIPTION:
A vulnerability has been reported in the Polycom SoundPoint IP 301
VoIP Desktop Phone, which can be exploited by malicious people to
cause a DoS (Denial of Service).
Sending a long URL to the embedded HTTP server or using the Nessus
http_fingerprinting_hmap.nasl script can cause the phone to reboot.
Additional, it has been reported that the TCP port 42 is open and
accepting connections.
The vulnerabilities have been reported in firmware version
1.4.1.0040. Other versions may also be affected.
SOLUTION:
Reportedly, this does not affect the firmware version 2.0.1.
PROVIDED AND/OR DISCOVERED BY:
Shawn Merdinger
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
More information about the asterisk-users
mailing list