Bugtraq mailing list archives
Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 17 Feb 2004 22:32:10 +0100
3APA3A wrote:
ASN.1 is used by many services, but all use different underlying protocols. It's not likely NetMeeting or MS ISA server to be primary attack targets. Attack against MS IPSec implementation, Exchange, SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP infrastructure (except connectivity degradation because of massive traffic).
I wish your assessment were true, but it's not. Cisco Call Manager is based on Windows, and Cisco still has to certify the patches Microsoft released. It's sad that Microsoft apparently hasn't used those six months to properly coordinate the issue with OEM vendors.
Current thread:
- ASN.1 telephony critical infrastructure warning - VOIP Gadi Evron (Feb 17)
- Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Michal Zalewski (Feb 17)
- RE: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Zak Dechovich (Feb 17)
- Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Michael Samuel (Feb 18)
- RE: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP David Wilson (Feb 23)
- RE: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Zak Dechovich (Feb 17)
- Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP 3APA3A (Feb 17)
- Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP daniel uriah clemens (Feb 17)
- Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Florian Weimer (Feb 18)
- Re: ASN.1 telephony critical infrastructure warning - VOIP RJ Auburn (Feb 18)
- Re: ASN.1 telephony critical infrastructure warning - VOIP Michael H. Warfield (Feb 18)
- Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP Michal Zalewski (Feb 17)