Penetration Testing mailing list archives

Re: Voice over IP

From: Desmond Irvine <desmond.irvine () sheridanc on ca>
Date: Fri, 15 Jun 2001 10:04:32 -0400

Ryan Russell wrote:


On Thu, 14 Jun 2001, Young, Brandon wrote:


A couple of colleagues and I are working on a security audit for a
VOIP system. Anyone know of any exploits and vulnerabilities that may
exist with Cisco's call manager?


The last time I spoke with Cisco about this, the call manager was
basically an embedded NT box.  They would ship you an image, and you
weren't supposed to modify it yourself.  You can take this to mean that
any NT exploits won't be patched in a timely manner.  It's been a year or
two, so this may have changed.


The image is Windows 2000 running IIS 5 and SQL Server 7 (I think).  The
last image that I looked at was at least 1 year out of date with regard
to hotfixes and Cisco's stance as of a couple of weeks ago was still not
to modify it.  The Unicode vulnerabilities all run quite well on the box
thanks to this stance and the lack of timely patches from Cisco.  The
IIS server has both a user and administrator interface that requires
authentication which since the server isn't configured for HTTPS can be
sniffed, etc., etc.  

-- 
Desmond Irvine                Security Analyst, Information Technology
Sheridan College              Phone: 905-845-9430 x2035
1430 Trafalgar Road           Fax: 905-815-4011
Oakville, ON  L6H 2L1         EMail: desmond.irvine () sheridanc on ca

Current thread:

Voice over IP Young, Brandon (Jun 14)
- RE: Voice over IP Ofir Arkin (Jun 14)
  - Re: Voice over IP Dug Song (Jun 15)
    - Re: Voice over IP mht (Jun 19)
- Re: Voice over IP Ryan Russell (Jun 14)
  - Re: Voice over IP Desmond Irvine (Jun 15)
- Re: Voice over IP Andreas Östling (Jun 15)
- <Possible follow-ups>
- RE: Voice over IP John Bumgarner (Jun 15)