[VOIPSEC] FYI - Quarterly Summary of VoIP Vulnerabilities
Shawn Merdinger
shawnmer at gmail.com
Sun Apr 20 17:13:50 CDT 2008
Hi Dima,
>> dima _at dima.ky at gmail.com
>> Sun Apr 20 01:20:16 BST 2008
>> I believe this one http://www.securityfocus.com/archive/1/488782 has
>> not been mentioned undeservedly. By the way, it seems like Nortel did
>> not address that vulnerability at all.
That "vulnerability" is, IMHO, still unclear and unverified per the
discussion thread, see
http://www.engardelinux.org/modules/index/list_archives.cgi?list=bugtraq&page=index.html&month=2008-02
(search for Nortel and read the entire thread)
Perhaps the VoipShield engineer on the thread <amarkov at voipshield.com>
can elaborate more on the validity and what were his findings of the
Nortel Phone DoS claimed?
In any event, you have to take into account the severity of impact,
attack vectors, attacker location, etc. as savvy folks like J. Oquendo
point out with the Linksys SPA-2102 VoIP gateway "Yet Another Ping of
Death" claim thread:
http://forum.tornevall.net/showthread.php?p=1713744
Kind regards,
--scm
Shawn Merdinger
Security Researcher
More information about the Voipsec
mailing list