Nortel UNIStim IP Phone - Remote Ping Denial of Service

EDB-ID:

31306


Author:

sipherr

Type:

dos


Platform:

Hardware

Date:

2008-02-26


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

source: https://www.securityfocus.com/bid/28004/info

Nortel UNIStim IP Phone products are prone to a remote denial-of-service vulnerability because the software fails to properly handle unexpected network datagrams.

Successfully exploiting this issue allows remote attackers to crash affected phones, denying service to legitimate users.

Phones with firmware 0604DAS are vulnerable to this issue. Other versions are also reportedly affected, but we don't know which specific versions. 

The following command will demonstrate this issue:

ping -s 65500 <target>