ESB-2006.0046 -- [Cisco] -- Response to Cisco IP Phone 7940 DoS Exploit

Date: 16 January 2006

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                         ESB-2006.0046 -- [Cisco]
                Response to Cisco IP Phone 7940 DoS Exploit
                              16 January 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco IP Phone models 7940 and 7960
Publisher:         Cisco Systems
Operating System:  Cisco
Impact:            Denial of Service
Access:            Remote/Unauthenticated

Original Bulletin: 
http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Cisco Security Notice: 
======================
Response to Cisco IP Phone 7940 DoS Exploit posted on milw0rm.com
=================================================================

Document ID: 68787

http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml

Revision 1.0

For Public Release 2006 January 13 2130 UTC (GMT)

- - -----------------------------------------------------------------------

Contents
========

    Cisco Response
    Additional Information
    Cisco Security Procedures

- - -----------------------------------------------------------------------

Cisco Response
==============

This is a response to the Cisco IP Phone DoS exploit posted 
to http://www.milw0rm.com/ on January 10, 2006. When directed at port 
80 of an affected phone, the exploit will cause the phone to reload.

Cisco has introduced changes to the firmware for 7940 and 7960 IP
Phones that will reduce the impact of a denial of service attack.
Starting with firmware revision 7.1(1), IP phones that are subject to
DoS attacks have the capability to perform load control using TCP
throttling. Although it may not be possible to maintain normal
operation during an attack, the phones will not reload.

The changes mentioned above are documented in Cisco bug ID CSCef33398. 

This vulnerability was first reported to Cisco by Knud Erik Hojgaard;
we thank him for making us aware of this issue. We greatly appreciate
the opportunity to work with researchers on security vulnerabilities,
and welcome the opportunity to review and assist in product reports.

Additional Information
======================

It is important to note that Cisco best practices for IP Telephony
include several recommendations that isolate and protect IP phones from
many common attacks. For optimum functionality, these devices should be
deployed in accordance with those recommendations. For more
information, please see:

  * Solution Reference Network Designs:
    http://www.cisco.com/go/srnd/
  * SAFE Blueprint:
    http://www.cisco.com/go/safe/

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and registering
to receive security information from Cisco, is available on Cisco's
worldwide website at 
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security 
notices. All Cisco security advisories are available at 
http://www.cisco.com/go/psirt.

- - -----------------------------------------------------------------------

All contents are Copyright 1992-2006 Cisco Systems, Inc. All rights
reserved.

- - -----------------------------------------------------------------------

Updated: Jan 13, 2006                                Document ID: 68787

- - -----------------------------------------------------------------------
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDyBy9ezGozzK2tZARAkmxAJ4sGM0dIqtCAn9Ag/6QZin5ikS9CgCgqvLc
yn5FwFVrrPMNyPuy4Y4J5BY=
=Vcga
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQ8rsnih9+71yA2DNAQISBwP9ESqjYoWUewzfzb08TyQu+2cJldaoYw87
sCB8rhAqCu08uOV3Gk+ZYCvGMfDShMz+A51VEjn4M8GItlMt/KTJl/qdnQQj2UK8
dADk4AzZ3/mmAYj6sdPgmKP26w7962MGrinFiCA3JRW3RKmxIqQRzTeRPUNdJ65h
/xN5Iwg6oRs=
=KS0Y
-----END PGP SIGNATURE-----
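
The Cisco response above names firmware revision 7.1(1) as the first release in which 7940 and 7960 phones throttle TCP instead of reloading. The following is an added example, not part of the Cisco notice or the AusCERT bulletin: a triage of a phone inventory against that release. It assumes the inventory records firmware in the notice's "major.minor(maintenance)" notation; the device names and sample rows are constructed.

```python
import re

# First release with TCP-throttling load control, as stated in the notice.
FIXED = (7, 1, 1)
# Models the bulletin lists as affected.
AFFECTED_MODELS = {"7940", "7960"}

# "major.minor(maintenance)" with an optional trailing suffix, e.g. "7.2(3)SR1".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)\)")


def parse_version(text):
    """Return (major, minor, maintenance) as ints, or None if not parseable."""
    m = _VERSION_RE.match(text)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(inventory):
    """Map each device name to a status for (name, model, firmware) rows."""
    result = {}
    for name, model, firmware in inventory:
        if model not in AFFECTED_MODELS:
            result[name] = "model-not-listed"
            continue
        version = parse_version(firmware)
        if version is None:
            # Do not guess: an unreadable version needs a manual check.
            result[name] = "unknown-version"
        elif version >= FIXED:  # numeric tuple compare, not string compare
            result[name] = "has-load-control"
        else:
            result[name] = "needs-upgrade"
    return result


# Constructed sample inventory (hypothetical names and versions).
SAMPLE = [
    ("phone-a", "7940", "6.3(2)"),
    ("phone-b", "7960", "7.1(1)"),
    ("phone-c", "7960", "7.2(3)SR1"),
    ("phone-d", "7940", "unknown"),
    ("phone-e", "other-model", "3.0(1)"),
]

if __name__ == "__main__":
    for device, status in triage(SAMPLE).items():
        print(f"{device}: {status}")
```

Devices reported as "has-load-control" may still degrade under attack, as the notice states; the status only indicates that they should not reload.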