Nortel IP Phones Predictable UNIStim Sequence Numbers Facilitate Hijacking Attacks
|
|
SecurityTracker Alert ID: 1019847 |
|
SecurityTracker URL: http://securitytracker.com/id/1019847
|
|
CVE Reference:
CVE-2008-6564
(Links to External Site)
|
Updated: May 5 2009
|
Original Entry Date: Apr 15 2008
|
Impact:
Disclosure of system information, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in certain Nortel IP Phones. A remote user can execute arbitrary code on the target system. A remote user can determine the installation path.
A remote user monitoring the network between the client and the server can monitor the UNIStim protocol sequence numbers and then spoof the protocol to issue alternate commands and potentially hijack a session.
VoIPshield Systems reported this vulnerability.
The original advisory is available at:
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,27/_cursor,2/_total,5/tableid,1/
|
Impact:
A remote user monitoring the network can hijack UNIStim protocol sessions.
|
Solution:
The vendor has issued a patch (install patch MPLR24368 and use SMC2450).
The vendor's advisory is available at:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455
|
Vendor URL: support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455 (Links to External Site)
|
Cause:
Access control error, Randomization error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 15 Apr 2008 00:45:28 -0400
Subject: Nortel UNIStim IT Sequence Number Intercept
|
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,27/_cursor,2/_total,5/tableid,1/
|
|
