Full Disclosure mailing list archives
RE: ASN.1 telephony critical infrastructure warning - VOIP
From: "John LaCour" <jlacour () zonelabs com>
Date: Tue, 17 Feb 2004 14:29:24 -0800
Gadi Evron wrote: ASN is what VOIP is based on, and thus the critical infrastructure for telephony which is based on VOIP. Zak Dechovich wrote: > Mail from Zak Dechovich <ZakGroups () SECUREOL COM> > > > ASN1 is mainly used for the telephony infrastructure (VoIP), > any code that attacks this infrastructure can be
"ASN.1 is what VoIP is based on" is an overly broad statement. The ITU H.323 umbrella of protocols use ASN.1 as the data encoding method for several of the protocols. There are many other VoIP signaling protocols which don't use ASN.1. SIP comes to mind. Most VoIP media is RTP (RFC 3550) which doesn't use ASN.1 at all. Particular VoIP implementations that happen to use ASN.1 may or may not use it correctly. Those that have flawed ASN.1 implementations may or may not be exploitable. If a given system is exploitable, its likely that the exploit will be specific to a certain vendor and/or platform. IMHO, the possibility of some kind of VoIP worm propagating by exploiting ASN.1 is highly unlikely. -John _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: ASN.1 telephony critical infrastructure warning - VOIP, (continued)
- Re: ASN.1 telephony critical infrastructure warning - VOIP Valdis . Kletnieks (Feb 18)
- Re: ASN.1 telephony critical infrastructure warning - VOIP jan . muenther (Feb 18)
- RE: ASN.1 telephony critical infrastructure warning - VOIP David Wilson (Feb 23)
- Re: ASN.1 telephony critical infrastructure warning - VOIP 3APA3A (Feb 17)
- Re: ASN.1 telephony critical infrastructure warning - VOIP daniel uriah clemens (Feb 17)
- Re: ASN.1 telephony critical infrastructure warning - VOIP Florian Weimer (Feb 17)
- Re[2]: ASN.1 telephony critical infrastructure warning - VOIP 3APA3A (Feb 18)
- Re: ASN.1 telephony critical infrastructure warning - VOIP RJ Auburn (Feb 17)
- Re: ASN.1 telephony critical infrastructure warning - VOIP Michael H. Warfield (Feb 17)
- Re: ASN.1 telephony critical infrastructure warning - VOIP RJ Auburn (Feb 20)
- RE: ASN.1 telephony critical infrastructure warning - VOIP John LaCour (Feb 17)
- Re: ASN.1 telephony critical infrastructure warning - VOIP Joseph M Hoffman (Feb 19)