Full Disclosure mailing list archives
Cisco IP Phone vulnerability
From: "J. Oquendo" <sil () infiltrated net>
Date: Sat, 31 Mar 2007 22:05:40 -0500
-----BEGIN LSD SIGNED MESSAGE-----

Infiltrated.net Security Advisory: Cisco IP Phone Denial of Service

http://www.infiltrated.net/ciscoIPPhone7960.html

Revision 6.9

For Public Release

Summary

The Cisco IP Phones are subject to a denial of service. This vulnerability has not yet been documented by Cisco but it should be allocated the bug ID 31337 by staff @ PSIRT.

This advisory will be posted at http://www.infiltrated.net/ciscoIPPhone7960.html

Affected Products

All Cisco IP Phones

Proof of Concept

http://infiltrated.net/7960poc.jpg

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

All Cisco security advisories are available at http://www.cisco.com/go/psirt.

Details

Cisco IP Phones are subject to a denial of service. Users who disconnect their ethernet cables will lose their dial tones and their present call will drop as well as subsequent incoming calls. While the attack may be local at present time, security engineers Infiltrated Networks (a division of Fscker Inc. with no relation to Halliburton) are devising telekinetic attacks along with Miss Cleo in order to provide a working disconnection attack tool.

Impact

All your phone sex belongs to null 0

Software Versions and Fixes

The only fix is to plug your phone back into a PoE switch or plug in its power cord.

Obtaining Fixed Software

Infiltrated Networks and Fscker Inc. is offering its services at the low price of $1000.00 an hour in consulting fees to remedy this attack, with a 100 hour minimum retainer fee. In fact, for those seeking to purchase a PoC code of the mentioned vulnerability, contact us, we'll gladly take your milk money.

Workarounds

Don't unplug your phone. Don't unplug your PoE switches. Don't live in areas where electricity is sporadic. Don't play with matches, and don't drive while under the influence of anything that is currently mentioned at http://www.bumwine.com

Exploitation and Public Announcements

Infiltrated.net is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was reported to us losers, by another bigger loser who wishes to retain his or her anonymity out of fear of obtaining "Michael Lynn Disease" where a frivolous denial of service attack via litigation will ensue and weaken the immune system.

Status of This Notice: FINAL

This is a final Infiltrated.net advisory. Although we cannot guarantee the accuracy of all statements in this notice, we still passed it on to you the consumer knowing full well a cease and desist letter will be sent and added to our collection. All of the facts have however been checked to the best of our ability while not under the influence of Prozac, Valtrex, Valium, Lithium and lest we forget, weapons of mass destruction of which you will not find since we have them buried in the secret stash boxes of our Nissan, Lexus, WRX, and Cherokee alongside our Glocks.

Revision History

Revision 6.9 Initial public release

This notice is Copyright 2007 by Infiltrated.net. This notice may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, and include all date and version information. Pictures of your fiance, wife, girlfriend can be e-mailed to us if said individuals did not yet e-mail to us on their own.

Infiltrated Networks, sil, and our oddball affiliates remind those on the security scene to keep it real.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/