Hi, Yes, this is an extraordinarily lame bug, but that's sort of the point with many of these VoIP phones, both wired and wireless. They are a new class of device going onto networks and tend to be kind of sucky when it comes to what I'd consider *expected customer environment tool runs* like Nmap and Nessus, not to mention plenty of others such as ISIC, Protos, Asteroid, <insert fuzzer-o'-the-day-here>...and that's just sticking with the free stuff.
I didn't find the bug anyways, I just reported it to Linksys and then FD. And even though I'm poking around with a bunch of VoIP phones on my own time and dime, I don't own one of these WIP 330s. Anyway, you seem happy with your WIP 330...once you got it configured... http://www.trixbox.org/modules/newbb/viewtopic.php?topic_id=5974&forum=3#forumpost23445 Say, if you have the cycles for some free vendor QA, and since you have a WIP 330 in hand, maybe you can find something much cooler with that PhoneCtl.exe crash and get back to us? Thanks, --scm On 12/7/06, pingywon <[EMAIL PROTECTED]> wrote: > > "The crash > > appears related to PhoneCtl.exe running on the phone's Windows CE 4.2 > > operating system." > > "Let me take a look at that screenshot again..." > > http://www.flickr.com/photos/metalmijn/295348294/ > > "Heck buddy, you appear correct" > > ~p > > > > > > ----- Original Message ----- > From: "Shawn Merdinger" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Wednesday, December 06, 2006 1:40 PM > Subject: [Full-disclosure] Linksys WIP 330 VoIP wireless phone crash > fromNmap scan > > > > Vulnerability Description > > ================== > > The Linksys WIP 330 VoIP wireless phone will crash when a full > > port-range Nmap scan is run against its IP address. > > > > > > Linksys WIP 330 Firmware Version > > ========================== > > 1.00.06A > > > > > > Nmap scan command > > ================ > > nmap -P0 <WIP 330 ip address> -p 1-65535 > > > > > > Impact > > ===== > > The crash is only after Nmap has finished. The Nmap scan also seems to > > disrupt updating of the display as the clock is not updated. The crash > > appears related to PhoneCtl.exe running on the phone's Windows CE 4.2 > > operating system. > > > > Screenshot of the crash: http://www.flickr.com/photos/metalmijn/295348294/ > > > > > > Credit > > ==== > > Credit for discovering this vulnerability goes to Armijn Hemel > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
