I have an open ticket at cisco with status development review; workaround provided.
I'm going to remind them of the potential security consequences later today... The tech I've been working with seems very competent, and I suspect this may eventually get dealt with... Matt Hardeman PaperSoft ----- Original Message ----- From: "Josh Howlett" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 11, 2003 3:30 AM Subject: Re: [Asterisk-Users] Cisco 7960s > Cisco and bugtraq need to know this! > > josh. > > On Fri, 2003-07-11 at 09:21, Matthew Hardeman wrote: > > Cisco should really be ashamed of this product... > > > > While it is physically well constructed, and has excellent sound > > quality along with a very pleasant user interface, the device has > > SERIOUS stability issues, unless you run your network with an iron > > fist... > > > > Quite by accident, while configuring my Asterisk system to connect to > > a Cisco 7960 via SIP in a standard office PBX type arrangement, I > > discovered something interesting... > > > > By screwing around with both the source IP address of a SIP message, > > along with certain IP addresses in the SIP message itself, it's quite > > easy to crash the Cisco. > > > > In short, it would be trivial to DOS (by forcing continuous crashes > > and the subsequent reboots) any Cisco 7960 that you can route UDP > > packets to... > > > > Matt Hardeman > > PaperSoft > > > > > -- > ----------------------------------------------------------- > Josh Howlett, Networking & Digital Communications, > Information Systems & Computing, University of Bristol, U.K. > 'phone: 0117 928 7850 email: [EMAIL PROTECTED] > ------------------------------------------------------------ > > _______________________________________________ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
