[VOIPSEC] FYI - Quarterly Summary of VoIP Vulnerabilities
Shawn Merdinger
shawnmer at gmail.com
Tue Apr 22 21:21:29 CDT 2008
Hi Dima,
>> dima _at dima.ky at gmail.com
>> Mon Apr 21 16:01:35 BST 2008
>> I've just tested it on the firmware mentioned in the referred
>> Bugtraq message. And what I got. It's possible to achieve the same
>> effect as described...<snip>
Well, my suggestion is to withhold disclosure and contact the CERT and
the Nortel Security Advisory Task Force (SATF) at
http://www.nortel.com/solutions/securenet/satf/index.html and provide
them with specific, detailed findings on how to reproduce the attack(s)
that you're doing, and coordinate with them on CVEs, a Nortel
vulnerability information release and a fix for the vulns.
Also, since you're sending funny packets you might check this tool
out: http://voipsa.org/blog/2007/12/11/isic-for-voip-phone-stacks/
Kind regards,
--scm
Shawn Merdinger
Security Researcher