[VOIPSEC] FYI - Quarterly Summary of VoIP Vulnerabilities
dima _at
dima.ky at gmail.com
Wed Apr 23 11:34:05 CDT 2008
Hi Shawm Merdinger. Actually, I've been looking around on
vulnerabilities in Nortel products and turned out it's a general
think for Nortel to have ip stack implementation problems. Or may be
it's a VxWork issue which Nortel is usually using as the OS.
Here is the result isic tools has been used on CS1000
http://www.csnc.ch/misc/files/advisories/nortel_telephony_server_denial_of_service_v1.0.txt
If you look at these two
http://www.csnc.ch/misc/files/advisories/nortel_IP_phone_forced_re-authentication_v1.0.txt,
http://www.csnc.ch/misc/files/advisories/nortel_IP_phone_flooding_denial_of_service_v1.0.txt
as for me they are revealing the same ip implementation problem i was
talking before. And the problem is still present in the firmware
0604DAX issued after those reports.
--
regards, Dima
More information about the Voipsec
mailing list