Cisco Patches VoIP Phone Vulnerability

Wednesday May 25th 2005 by Michael Hall
Share:

A bug in some implementations of the DNS protocol has left parts of Cisco's IP phone line vulnerable to DoS attacks. Cisco has a patch.

Acting on information provided by a U.K. government security group's advisory, Cisco has patched the software for several of its IP telephony products.

According to the U.K.'s National Infrastructure Security Co-ordination Center (NISCC), a vulnerability in some implementations of the DNS protocol could allow malicious individuals to effect a denial of service attack on certain systems.

NISCC's advisory included some details of the the vulnerability, noting that it affects DNS messages compressed to "easily fit in a UDP (define) packet." According to the advisory, some DNS implementations rely on recursion to decode such messages, and can enter into a loop that causes a DNS service to crash if it's fed instructions to go to an illegal address.

The affected Cisco products, according to the company's advisory, include Cisco IP Phones 7902/7905/7912, the Cisco ATA (Analog Telephone Adaptor) 186/188, as well as its Unity Express product and several of its ACNS devices. Some IP phones are not affected, nor is any Cisco product running the company's IOS.

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved