SecurityTracker.com
Category:   Device (VoIP/Phone/FAX)  >   xpressa
Vendors:   Pingtel Corp.
Pingtel xpressa Boundary Error in HTTP Management Interface Lets Remote Authenticated Users Crash the Phone
SecurityTracker Alert ID:  1011235
SecurityTracker URL:  http://securitytracker.com/id/1011235
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 14 2004
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): Model PX-1, Core Apps firmware: 2.1.11.24, Kernel firmware: 2.1.11.24
Description:   A vulnerability was reported in the HTTP management interface of the Pingtel xpressa. A remote authenticated user can cause the target phone to crash.

@stake reported that a remote authenticated user can send a specially crafted request to the management interface to cause the underlying VxWorks operating system to crash.

A demonstration exploit request is provided:

GET /<buffer of 260 'A' characters>/cgi/application.cgi HTTP/1.0
Authorization: Basic [base64authstring]
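
A defensive check for the request shape shown above, usable in a filtering proxy or when reviewing logs for the phone's management interface. This is an added example, not part of this entry or of the @stake advisory; the 64-character limit (MAX_SEGMENT), the function names and the sample request lines are assumptions.

```python
# Added example: flag HTTP request lines whose path carries an oversized segment.
# MAX_SEGMENT is an assumed policy value; the advisory states only that a
# 260-character segment crashes the phone, not where the real limit lies.
MAX_SEGMENT = 64

def check_request_line(line):
    """Return (verdict, longest_segment_length) for one raw request line."""
    parts = line.rstrip("\r\n").split(" ")
    # Fail closed on anything that is not 'METHOD target HTTP/x.y'.
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("reject-malformed", 0)
    target = parts[1]
    if not target.startswith("/"):
        if "://" not in target:
            return ("reject-malformed", 0)
        # Absolute-form target: drop scheme and authority, keep the path.
        target = "/" + target.split("://", 1)[1].partition("/")[2]
    path = target.split("?", 1)[0]
    # Raw length is measured on purpose: percent-decoding can only shorten a
    # segment, so the raw length bounds whatever the device ends up copying.
    longest = max(len(seg) for seg in path.split("/"))
    if longest > MAX_SEGMENT:
        return ("reject-long-segment", longest)
    return ("allow", longest)

def flag_requests(lines):
    """Return (line_number, verdict, length) for every line not allowed."""
    flagged = []
    for number, line in enumerate(lines, start=1):
        verdict, length = check_request_line(line)
        if verdict != "allow":
            flagged.append((number, verdict, length))
    return flagged

# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /cgi/application.cgi HTTP/1.0",
    "GET /" + "A" * 260 + "/cgi/application.cgi HTTP/1.0",
    "GET /" + "%41" * 30 + "/cgi/application.cgi HTTP/1.0",
    "GET /cgi/application.cgi",
]

if __name__ == "__main__":
    for entry in flag_requests(SAMPLE):
        print(entry)
```

The third sample line is rejected even though it decodes to 30 characters, because the check deliberately counts the raw, still-encoded length.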

The vendor was notified on September 8, 2004.

The original advisory is available at:

http://www.atstake.com/research/advisories/2004/a091304-2.txt

Impact:   A remote authenticated user can cause the phone to crash, requiring a power cycle to return to normal operations.
Solution:   No solution was available at the time of this entry.

The vendor no longer sells the product, but provides support to existing xpressa desktop phone customers that have an active Warranty or Maintenance Plan, according to the report.

Vendor URL:  www.pingtel.com/default.jsp
Cause:   Boundary error

Message History:   None.

