VocalTec Telephony Gateway Can Be Crashed By Specially Crafted Packets
|
|
SecurityTracker Alert ID: 1010268 |
|
SecurityTracker URL: http://securitytracker.com/id/1010268
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: May 24 2004
|
Impact:
Denial of service via network
|
Exploit Included: Yes
|
Version(s): VTG120, VTG480
|
Description:
A denial of service vulnerability was reported in the VocalTec Telephony Gateway models VTG120 and VTG480. A remote user can cause the target system to crash.
SecurityLab.ru reported that there is a flaw in the processing of H.323/H.225 protocol messages. A remote user can send a specially crafted message to the target system several times (approximately 10 times) to cause the target system to crash.
The original advisory is available at:
http://www.securitylab.ru/45401.html
A demonstration exploit is available at:
http://www.securitylab.ru/_Exploits/2004/05/killvoc-small.c
Tagoff Eugene is credited with discovering the flaw.
|
Impact:
A remote user can cause the gateway to crash.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.vocaltec.com/ (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 24 May 2004 22:37:50 +0400
Subject: [Full-Disclosure] DoS in Vocaltec VoIP gateway in ASN.1/H.323/H.225 stack
|
More information (in Russian, of course):
http://www.securitylab.ru/45401.html
Exploit:
http://www.securitylab.ru/_Exploits/2004/05/killvoc-small.c
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
|
|
