> TITLE: > Cisco IP Phones SYN Flood Device Reload Vulnerability > > SECUNIA ADVISORY ID: > SA18479 > > VERIFY ADVISORY: > http://secunia.com/advisories/18479/ > > CRITICAL: > Less critical > > IMPACT: > DoS > > WHERE: > >From local network > > OPERATING SYSTEM: > Cisco IP Phone 7900 Series > http://secunia.com/product/2809/ > > SOFTWARE: > Cisco IP Phones 7960 > http://secunia.com/product/287/ > Cisco IP Phone 7940 > http://secunia.com/product/1113/ > > DESCRIPTION: > A vulnerability has been reported in Cisco 7940 and 7960 IP Phones, > which can be exploited by malicious people to cause a DoS (Denial of > Service). > > The vulnerability is caused due to an error in the IP Stack. This can > be exploited to cause the IP Phone to reload by sending a SYN flood to > an arbitrary port. > > SOLUTION: > Update to firmware revision 7.1(1) or later, which have the > capability to perform load control using TCP throttling. This > prevents a device from reloading. > > PROVIDED AND/OR DISCOVERED BY: > The vendor credits Knud Erik Højgaard. > > ORIGINAL ADVISORY: > http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml
_______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
