SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VoIP)  >   Asterisk Vendors:   Digium (Linux Support Services)
Asterisk Error in Processing INVITE Messages Lets Remote Users Deny Service
SecurityTracker Alert ID:  1017794
SecurityTracker URL:  http://securitytracker.com/id/1017794
CVE Reference:   CVE-2007-1561   (Links to External Site)
Updated:  Apr 2 2007
Original Entry Date:  Mar 20 2007
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.4 prior to 1.4.2, and prior to 1.2.17
Description:   A vulnerability was reported in Asterisk. A remote user can cause denial of service conditions.

A remote user can send a specially crafted SIP INVITE message to cause the target service to crash. An anonymous INVITE message where the SDP contains two connection headers, one that is valid and one with an invalid IP address, can trigger the crash. If anonymous calls are not permitted, then a valid username and password is required.

Humberto J. Abdelnur, Radu State, and Olivier Festor of the Madynes research team at INRIA Lorraine discovered this vulnerability using the Madynes VoIP fuzzer.

Impact:   A remote user can cause the target service to crash.
Solution:   The vendor has issued a fixed version (1.4.2 and 1.2.17).
Vendor URL:  www.asterisk.org/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] Asterisk SDP DOS vulnerability

This is a multi-part message in MIME format.

--===============0866377245==
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00B4_01C76A58.D4117A50"

This is a multi-part message in MIME format.

------=_NextPart_000_00B4_01C76A58.D4117A50
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

MADYNES Security Advisory 

 

 <http://madynes.loria.fr/> http://madynes.loria.fr

 

 

Title: Asterisk SIP INVITE remote DOS  

 

Release Date:

      08/03/2007

 

Severity: 

      High - Denial of  Service

 

Advisory ID:KIPH1

 

Software:

      Asterisk

       <http://www.asterisk.org/> http://www.asterisk.org/

 

AsteriskR is a complete IP PBX in software. It runs on a wide variety of
operating systems including Linux, Mac OS X, OpenBSD, FreeBSD and Sun
Solaris and provides all of the features you would expect from a PBX
including many advanced features that are often associated with high end
(and high cost) proprietary PBXs. AsteriskR supports Voice over IP in many
protocols, and can interoperate with almost all standards-based telephony
equipment using relatively inexpensive hardware.

 

Affected Versions:

      Asterisk 1.2.14, 1.2.15, 1.2.16 

      Asterisk 1.4.1 

      probably previous versions also

 

Unaffected Versions: Trunk version to date (13/03/2007)

 

Vulnerability Synopsis: After sending a crafted INVITE message the software
finish abruptly its execution with a Segmentation Fault provoking a Denial
of Service (DoS) in all the services provided by the entity.

 

Impact: A remote individual can remotely crash and perform a Denial of
Service(DoS) attack in all the services provided by the software by sending
one crafted SIP INVITE message. This is conceptually similar to the "ping of
death". 

 

Resolution: The problem has been fixed in Asterisk versions 1.4.2 and
1.2.17, which is released today 19/03/2007 

 

Vulnerability Description: After sending a crafted message the software
crash abruptly. The message in this case is an anonymous INVITE where the
SDP contains 2 connection headers. The first one must be valid and the
second not where the IP address should be invalid. The callee needs not to
be a valid user or dialplan. In case where asterisk is set to disallow
anonymous call, a valid user and password should be known, and while
responding the corresponding INVITE challenge the information should be
crafted as above. After this crafted SIP INVITE message, the affected
software crash immediately. 

 

Proof of Concept Code: available

 

Credits:

      Humberto J. Abdelnur (Ph.D Student)

      Radu State (Ph.D)

      Olivier Festor (Ph.D)

      This vulnerability was identified by the Madynes research team at
INRIA

      Lorraine, using the Madynes VoIP fuzzer.

       <http://madynes.loria.fr/> http://madynes.loria.fr/

 

 

Disclosure Distribution: 

      The advisory will be posted on the following websites:

 

      1)    Asterisk's website

      2)     <http://madynes.loria.fr/> http://madynes.loria.fr website

 

      The advisory will be posted to the following mailing lists:

 

      1)    full-disclosure@lists.grok.org.uk

      2)    voipsec@vopisa.org

 


------=_NextPart_000_00B4_01C76A58.D4117A50
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
 name=3D"State"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
 name=3D"PlaceType"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
 name=3D"PlaceName"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
 name=3D"place" downloadurl=3D"http://www.5iantlavalamp.com/"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:Arial;
	color:windowtext;}
@page Section1
	{size:595.3pt 841.9pt;
	margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
	{page:Section1;}
-->
</style>

</head>

<body lang=3DFR link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>MADYNES Security
Advisory <o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
style=3D'font-size:10.0pt;font-family:"Courier New"'><a
href=3D"http://madynes.loria.fr/"><span =
lang=3DEN-US>http://madynes.loria.fr</span></a></span></font><font
size=3D2 face=3D"Courier New"><span lang=3DEN-US =
style=3D'font-size:10.0pt;font-family:
"Courier New"'><o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier New"'>Title: =
Asterisk
SIP INVITE remote DOS&nbsp; <o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>Release Date:<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
08/03/2007<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>Severity: <o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; High -
Denial of&nbsp; Service<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>Advisory ID:KIPH1<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>Software:<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Asterisk<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></font><font
size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;font-family:"Courier New"'><a
href=3D"http://www.asterisk.org/"><span =
lang=3DEN-US>http://www.asterisk.org/</span></a></span></font><font
size=3D2 face=3D"Courier New"><span lang=3DEN-US =
style=3D'font-size:10.0pt;font-family:
"Courier New"'><o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal =
style=3D'text-align:justify;text-autospace:none'><font size=3D2
face=3D"Courier New"><span lang=3DEN-US =
style=3D'font-size:10.0pt;font-family:"Courier New"'>Asterisk&reg;
is a complete IP PBX in software. It runs on a wide variety of operating
systems including Linux, Mac OS X, OpenBSD, FreeBSD and Sun Solaris and
provides all of the features you would expect from a PBX including many
advanced features that are often associated with high end (and high =
cost)
proprietary PBXs. Asterisk&reg; supports Voice over IP in many =
protocols, and can
interoperate with almost all standards-based telephony equipment using
relatively inexpensive hardware.<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>Affected
Versions:<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Asterisk
1.2.14, 1.2.15, 1.2.16 <o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Asterisk
1.4.1 <o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; probably
previous versions also<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>Unaffected
Versions: Trunk version to date =
(13/03/2007)<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal =
style=3D'text-align:justify;text-autospace:none'><font size=3D2
face=3D"Courier New"><span lang=3DEN-US =
style=3D'font-size:10.0pt;font-family:"Courier New"'>Vulnerability
Synopsis: After sending a crafted INVITE message the software finish =
abruptly
its execution with a Segmentation Fault provoking a Denial of Service =
(DoS) in
all the services provided by the entity.<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal =
style=3D'text-align:justify;text-autospace:none'><font size=3D2
face=3D"Courier New"><span lang=3DEN-US =
style=3D'font-size:10.0pt;font-family:"Courier New"'>Impact:
A remote individual can remotely crash and perform a Denial of =
Service(DoS) attack
in all the services provided by the software by sending one crafted SIP =
INVITE
message. This is conceptually similar to the &quot;ping of death&quot;. =
<o:p></o:p></span></font></p>

<p class=3DMsoNormal =
style=3D'text-align:justify;text-autospace:none'><font size=3D2
face=3D"Courier New"><span lang=3DEN-US =
style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>Resolution: The problem
has been fixed in Asterisk versions 1.4.2 and 1.2.17, which is released =
today 19/03/2007
<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal =
style=3D'text-align:justify;text-autospace:none'><font size=3D2
face=3D"Courier New"><span lang=3DEN-US =
style=3D'font-size:10.0pt;font-family:"Courier New"'>Vulnerability
Description: After sending a crafted message the software crash =
abruptly. The
message in this case is an anonymous INVITE where the SDP contains 2 =
connection
headers. The first one must be valid and the second not where the IP =
address
should be invalid. The callee needs not to be a valid user or dialplan. =
In case
where asterisk is set to disallow anonymous call, a valid user and =
password
should be known, and while responding the corresponding INVITE challenge =
the
information should be crafted as above. After this crafted SIP INVITE =
message,
the affected software crash immediately. <o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier New"'>Proof =
of Concept
Code: available<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>Credits:<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Humberto J.
Abdelnur (Ph.D Student)<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <st1:place
w:st=3D"on"><st1:PlaceName w:st=3D"on">Radu</st1:PlaceName> =
<st1:PlaceType w:st=3D"on">State</st1:PlaceType></st1:place>
(Ph.D)<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Olivier
Festor (Ph.D)<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; This
vulnerability was identified by the Madynes research team at =
INRIA<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <st1:place
w:st=3D"on"><st1:State w:st=3D"on">Lorraine</st1:State></st1:place>, =
using the
Madynes VoIP fuzzer.<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></font><font
size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;font-family:"Courier New"'><a
href=3D"http://madynes.loria.fr/"><span =
lang=3DEN-US>http://madynes.loria.fr/</span></a></span></font><font
size=3D2 face=3D"Courier New"><span lang=3DEN-US =
style=3D'font-size:10.0pt;font-family:
"Courier New"'><o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>Disclosure
Distribution: <o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The
advisory will be posted on the following =
websites:<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1)&nbsp;&nbsp;&nbsp; Asterisk's
website<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2)&nbsp;&nbsp;&nbsp; =
</span></font><font
size=3D2 face=3D"Courier New"><span =
style=3D'font-size:10.0pt;font-family:"Courier New"'><a
href=3D"http://madynes.loria.fr/"><span =
lang=3DEN-US>http://madynes.loria.fr</span></a></span></font><font
size=3D2 face=3D"Courier New"><span lang=3DEN-US =
style=3D'font-size:10.0pt;font-family:
"Courier New"'> website<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The
advisory will be posted to the following mailing =
lists:<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1) &nbsp;&nbsp; =
full-disclosure@lists.grok.org.uk<o:p></o:p></span></font></p>

<p class=3DMsoNormal style=3D'text-autospace:none'><font size=3D2 =
face=3D"Courier New"><span
lang=3DEN-US style=3D'font-size:10.0pt;font-family:"Courier =
New"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2)&nbsp;&nbsp;&nbsp; =
voipsec@vopisa.org<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

</div>

</body>

</html>

------=_NextPart_000_00B4_01C76A58.D4117A50--


--===============0866377245==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--===============0866377245==--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC