#############################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#############################################################
#
# Product: IP Softphone
# Vendor: Nortel
# Subject: UNIStim IP Softphone Buffer-Overflow
# Risk: High
# Effect: Currently not exploitable
# Author: Cyrill Brunschwiler (cyrill.brunschwiler (at) csnc (dot) ch)
# Date: October, 18th 2007
#
#############################################################

Introduction:
-------------
Flooding a UNIStim IP Softphone on the RTCP port with garbage immediately results in a Microsoft Windows error message which is mostly caused by memory corruption (buffer overflow).
This vulnerability may be exploitable to gain user privileges on the client workstation and execute malicious commands or code.

Nortel has noted this as:
Title: UNIStim IP Softphone - Potential Vulnerability Due to Buffer Overflow
Number: 2007008382
http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY

Vulnerable:
-----------
IP Softphone 2050

Vulnerability Management:
-------------------------
June 2007: Vulnerability found
June 2007: Nortel Security notified
October 2007: Nortel Advisory available
October 2007: Compass Security Information

Remediation:
------------
According to Nortel the vulnerability is still under investigation.
The Nortel advisory will be reissued if the investigation results in new prevention information.

Reference:
http://www.csnc.ch/static/advisory/secadvisorylist.html