-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Response: Multiple SIP Vulnerabilities in the
Cisco
7960 IP Phones
Document ID: 98592
http://www.cisco.com/warp/public/707/cisco-sr-20
070821-sip.shtml
Revision 1.0
For Public Release 2007 August 21 2200 UTC (GMT)
-
------------------------------------------------------------
---------
Cisco Response
==============
This is the Cisco PSIRT response to an issue discovered and
reported
to Cisco by Radu State, Humberto J. Abdelnur and Olivier
Festor
regarding two Session Initiation Protocol (SIP)
vulnerabilities in
the Cisco 7940/7960 IP Phones.
The original reports are available at the following links:
http://archives.neohapsis.com/archives/fu
lldisclosure/2007-08/0385.html
http://archives.neohapsis.com/archives/fu
lldisclosure/2007-08/0386.html
We greatly appreciate the opportunity to work with
researchers on
security vulnerabilities, and welcome the opportunity to
review and
assist in product reports.
Cisco has confirmes the following: This issue is documented
as Cisco
bug ID CSCsi68191. Cisco IP Phone 7940/7960 SIP firmware
versions
prior to 8.7(0) are vulnerable to the denial of service
attacks
detailed in the reports. Firmware versions 8.7(0) and later
are not
vulnerable to this issue. Version 8.7(0) firmware images for
Cisco IP
7940/7960 phones can be obtained here:
http://www.cisco.com/pcgi-bin/tablebuil
d.pl/sip-ip-phone7960?psrtdcat20e2
Additional Information
======================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND
DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF
THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE
DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR
UPDATE THIS
DOCUMENT AT ANY TIME.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2007-August-21 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities
in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is
available
on Cisco's worldwide website at
http://www.cisco.com/en/US/produ
cts/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding
Cisco
security notices. All Cisco security advisories are
available at
http://www.cisco.com/g
o/psirt.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iD8DBQFGy4AY8NUAbBmDaxQRAiBGAJsHCsfeFWNbJkNvIKbLH4V3/WQKUQCe
ItnP
WRKr9Xi+b3VlXL6C3JUzK1k=
=nzf7
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
cust-security-announce cisco.com
To unsubscribe, send the command "unsubscribe" in
the subject of your message to
cust-security-announce-leavecisco.com
|
