Grandstream BudgeTone-100 series VoIP SIP phone: multiple DoS vulnerabilities (23rd Mar 2004)
Known to be affected: Two Grandstream BudgeTone 102 phones running firmware version 1.0.4.17 (latest).
The vendor has verified issue 2 only (the affected software versions were not stated) and is currently working on a fix (02/02/04).
The Grandstream BudgeTone-100 series are voice over internet protocol telephones supporting the widely used SIP standard, at an "ultra-affordable price".
Two separate vulnerabilities have been identified, each of which requires the phone to be power cycled to resume normal operation.
- Issue 1 - Sending of an incomplete SIP request on port 5060 causes the phone to make "electronic" noises and the screen display to become corrupt before locking up.
- Issue 2 - Connecting to port 80 over UDP causes the phone to lock up in its current state.
Perl 'proof of concept' code is available.
Phones tested were running:
Program--1.0.4.17
Bootloader--1.0.0.11
HTML--1.0.0.19
Firmware version 1.0.4.17 came pre-loaded when purchased; version 1.0.4.54, believed to be the latest stable release, is only vulnerable to issue 2.
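As an added defensive example (not code from the original report or from the vendor), the following Python filter shows one way a gateway in front of the phone could screen UDP traffic for the two issues above. It assumes the phone's web interface is only needed over TCP and treats "incomplete" as failing the RFC 3261 minimum for a SIP message, since the report does not say how the request was incomplete; the function names, addresses and sample message are constructed for illustration.

```python
import re
# Header fields RFC 3261 section 8.1.1 requires in every SIP request.
REQUIRED = {"to", "from", "cseq", "call-id", "max-forwards", "via"}
COMPACT = {"t": "to", "f": "from", "i": "call-id", "v": "via", "l": "content-length"}
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ SIP/2\.0$")
STATUS_LINE = re.compile(rb"^SIP/2\.0 \d{3} ")
# Constructed sample message (documentation addresses), not captured traffic.
COMPLETE = (b"OPTIONS sip:phone@192.0.2.10 SIP/2.0\r\n"
            b"Via: SIP/2.0/UDP 192.0.2.20:5060;branch=z9hG4bKexample\r\n"
            b"Max-Forwards: 70\r\nTo: <sip:phone@192.0.2.10>\r\n"
            b"From: <sip:monitor@192.0.2.20>;tag=1\r\nCall-ID: example-1@192.0.2.20\r\n"
            b"CSeq: 1 OPTIONS\r\nContent-Length: 0\r\n\r\n")


def sip_problems(payload: bytes) -> list:
    """List the reasons a UDP payload is not a complete SIP message."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return ["header section not terminated by a blank line"]
    lines = head.split(b"\r\n")
    if REQUEST_LINE.match(lines[0]):
        required = REQUIRED
    elif STATUS_LINE.match(lines[0]):
        required = REQUIRED - {"max-forwards"}  # not required in responses
    else:
        return ["malformed start line"]
    headers = {}
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):  # folded continuation of the previous header
            continue
        name, colon, value = line.partition(b":")
        if not colon:
            return ["header line without a colon"]
        key = name.strip().decode("ascii", "replace").lower()
        headers[COMPACT.get(key, key)] = value.strip()
    problems = sorted("missing " + h for h in required - set(headers))
    length = headers.get("content-length", b"0")
    if not length.isdigit() or int(length) > len(body):
        problems.append("Content-Length invalid or larger than body")
    return problems


def verdict(dst_port: int, payload: bytes) -> str:
    """Assumed policy for UDP datagrams addressed to the phone."""
    if dst_port == 80:
        return "drop: UDP to port 80"  # assumption: the web UI needs only TCP
    if dst_port == 5060 and (problems := sip_problems(payload)):
        return "drop: " + "; ".join(problems)
    return "pass"
```

Logging the returned reason alongside the source address gives a record of which of the two conditions was seen and from where.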