SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VoIP)  >   Alcatel-Lucent OmniPCX Vendors:   Alcatel-Lucent
Alcatel OmniPCX Enterprise Lets Remote Users Deny Service and Potentially Intercept Audio
SecurityTracker Alert ID:  1018983
SecurityTracker URL:  http://securitytracker.com/id/1018983
CVE Reference:   CVE-2007-5361   (Links to External Site)
Date:  Nov 20 2007
Impact:   Denial of service via network, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.1 and prior versions
Description:   A vulnerability was reported in Alcatel OmniPCX. A remote user can cause denial of service conditions and potentially intercept audio connections.

A remote user can send a specially crafted TFTP request containing the MAC address of the target phone to the Communication Server to cause the audio from subsequent incoming calls to be sent to the remote user's system.

The target phone can still dial and receive calls, but without any ring tone and audio feedback.

The target phone must be rebooted to return to normal operations.

The vendor was notified on June 5, 2007.

Daniel Stirnimann reported this vulnerability.

The original advisory is available at:

http://www.csnc.ch/static/advisory/secadvisorylist.html

Impact:   A remote user can prevent normal operations and potentially intercept audio connections.
Solution:   The vendor has issued the following patches:

OmniPCX Enterprise R7.1: install patch F5.401.21.e
OmniPCX Enterprise R7.0: upgrade to release R7.1
OmniPCX Enterprise R6.2: install patch F3.301.38.a
OmniPCX Enterprise R6.1: install patch F2.502.33
OmniPCX Enterprise R6.0 and earlier: those releases are phased out: upgrade to release R7.1.

The Alcatel advisory is available at:

http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.htm

Vendor URL:  www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.htm (Links to External Site)
Cause:   Authentication error, State error

Message History:   None.


 Source Message Contents

Subject:  Alcatel OmniPCX Enterprise VoIP Vulnerability

#################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#################################################
#
# Product: OmniPCX Enterprise
# Vendor:  Alcatel
# Subject: VoIP Phone Audio Stream Rerouting Vulnerability
# Risk     High
# Effect   Currently exploitable
# Author:  Daniel Stirnimann (daniel.stirnimann (at) csnc (dot) ch)
# Date:    November, 19th 2007
#
#################################################

Introduction:
-------------
If a malicious user sends a TFTP request to the
signaling server with the MAC address of the
is able to reroute only the audio stream coming
from the other end of the call to his computers IP
address.
Even though an Alcatel VoIP phone can make or take
calls, and send audio, it is prevented from hearing anything said at the other end of the
communication. The VoIP phone needs to be rebooted
manually in order to work again.

This vulnerability may be further exploited by
phone again. This would only allow the malicious
user to eavesdrop on half of the victim's audio
communication: what the victim says is not
intercepted, only on the answers made by the other
party would be overheard. Note, this scenario has
not been verified.

Vulnerable:
-----------
Alcatel OmniPCX Enterprise release 7.1 and earlier

Not vulnerable:
---------------
Alcatel OmniPCX Enterprise release 8.0

Vulnerability Management:
-------------------------
June 2007:     Vulnerability found
June 2007:     Alcatel Security notified
November 2007: Alcatel Advisory available
November 2007: Alcatel Security Information

Alcatel-Lucent information:
---------------------------
http://www1.alcatel-lucent.com/psirt/statements.htm
Number 2007004

Reference:
http://www.csnc.ch/static/advisory/secadvisorylist.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC