VoIP Security Vulnerabilities

This page is intended to document Security Vulnerabilities that have been publicly disclosed in VoIP products and the fix if available.


Cisco 7920

16th November 2005 - Vulnerability - Fix
1) The SNMP service has fixed community strings that allow remote users to read, write, and erase the configuration of an affected device.

2) An open VxWorks Remote Debugger on UDP port 17185 that may allow an unauthenticated remote user to access debugging information or cause a denial of service.

Hitachi Wireless IP5000

16th November 2005 - Vulnerability - Fix
1) The Hitachi VOIP WIFI phone handset has a default administrator password of "0000" that the user enters in order to access administrator functions when programming the handset via the physical keys. This password appears to be hardcoded and presents a physical vulnerability. If an attacker can physically access the phone (borrow, phone rental scenario, theft, etc.) the attacker can derive sensitive information and modify the phone's configuration.
There appears to be no workaround for this vulnerability.

2) Improper information disclosure: The HTTP daemon default index page discloses what the device is (Hitachi IP5000 phone), the phone software versions, phone MAC address, IP address and routing information. An attacker can use this to discover quickly what the device is and see if there are any associated vulnerabilities. Also, the disclosure of the phone's routing/gateway information can provide an attacker with information for a DoS attack. An attacker does not need to authenticate to the phone to obtain this information from the index page.
Workaround is to disable the HTTP server via the phone's physical interface or via the HTTP interface.

3) The web server's default configuration does not require credentials to authenticate. This allows an attacker to access any of the various configuration pages of the phone, changing the phone configuration, etc. Workaround is to disable the HTTP server via the phone's physical interface or via the HTTP interface. The phone user may also set a password via the HTTP interface. Note that the password set page does not require the previous password (an attacker could lock out a user if the initial password is not set), nor does it require the new password to be entered twice (to avoid fat-fingering).

4) The Hitachi IP5000 VOIP WIFI phone SNMP v1/v2c daemon allows read/write access to the phone's SNMP configuration using any credentials. An attacker can use this vulnerability to access the phone's SNMP configuration, potentially reading/writing/erasing sensitive information.
There seems to be no workaround, as it appears that the SNMP daemon cannot be disabled and its read/write strings cannot be modified by the phone user.

5) The Hitachi IP5000 phone has an undocumented open port, TCP/3390, that provides an unauthenticated attacker access to the Unidata Shell created upon connection. This may allow an attacker to access sensitive information and potentially impact the phone's operations in a DoS.
There appears to be no means to disable this port and service, so no workaround appears possible.

Senao SI-680H

16th November 2005 - Vulnerability - No Fix
An undocumented open port, UDP/17185, running the VxWorks WDB remote debugging service (wdbrpc), is left in from development. This open port may allow an attacker unauthenticated access to the phone's OS, perhaps yielding sensitive information, creating opportunities for DoS, etc. There appears to be no workaround for disabling this open port.

ZyXEL Prestige 2000W

16th November 2005 - Vulnerability - No Fix
1) The ZyXEL P2000W v.1 VOIP WIFI phone has an undocumented port, UDP/9090, that provides an unauthenticated attacker information about the phone: specifically, the phone's MAC address and software version are returned upon connection. An attacker can use this vulnerability to easily identify the phone and software version. Also, the undocumented open port may provide an avenue for DoS. There appears to be no workaround for this issue.

2) The ZyXEL P2000W v.1 VOIP WIFI phone uses hardcoded DNS servers located in Taiwan for the phone's DNS configuration. Primary DNS IP is 168.95.1.1, resolving to dns.hinet.net. Secondary DNS IP is 139.175.55.244, resolving to dns.seed.net.tw.
This configuration places every ZyXEL phone using this software at risk of unintentional DoS if the DNS servers in Taiwan become unavailable. If the DNS servers are compromised, all ZyXEL phone users worldwide are vulnerable to being redirected to malicious SIP servers, etc. As a temporary workaround, users can manually input the IP address of a known, trusted DNS server via the keyboard at each phone start when configured for DHCP or PPPoE; however, this will not persist once the phone is restarted.

UTstarcom F1000

16th November 2005 - Vulnerability - Fix
1) The UTstarcom F1000 SNMP daemon's default public credentials allow an attacker with access to the phone's SNMP daemon to read the phone's SNMP configuration. This can lead to sensitive information disclosure. In addition, the daemon's read/write credentials cannot be changed, nor can the daemon be disabled via the phone's physical interface (i.e. via keypad input). During testing, the SNMP daemon appeared to consistently die when connecting via snmpwalk, requiring a reboot of the phone in order to restore SNMP service.

2) The phone's rlogin port TCP/513 is listening by default and requires no authentication. An attacker connecting to the phone via telnet/netcat is dropped into a shell without any log-in. The shell provides an attacker full access to the VxWorks OS, including debugging, direct memory dumping/injection, read/write access to device, user and network configuration files, enabling/disabling/restarting services, and remote reboot.
There appears to be no workaround, as the service cannot be disabled and authentication to rlogin cannot be enabled.

  • These problems were identified on UTStarcom's s2.0 software release which was issued in April 2005. They were reported to UTStarcom in June 2005 and all items listed here were corrected by the August 2005 3.1st software release. Current firmware at the time of writing is 3.60st.
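
Several of the entries above have no on-device workaround, so the exposure has to be watched from the network side. The following is an added example, not part of the original page: it audits flow records for traffic reaching the services documented above and for phones querying the hardcoded ZyXEL resolvers. The record format, the `VOICE_NET` and `MGMT_NET` ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Services documented on this page, keyed by (protocol, port).
# UDP/161 is the standard SNMP port; the page itself does not state it.
DOCUMENTED_SERVICES = {
    ("udp", 17185): "VxWorks WDB remote debugger (Cisco 7920, Senao SI-680H)",
    ("tcp", 3390): "unauthenticated Unidata Shell (Hitachi IP5000)",
    ("udp", 9090): "undocumented info-disclosure port (ZyXEL P2000W)",
    ("tcp", 513): "unauthenticated rlogin shell (UTstarcom F1000)",
    ("udp", 161): "SNMP with fixed or default community strings",
}
# Resolvers hardcoded in the ZyXEL P2000W v.1, as listed on the page.
HARDCODED_DNS = {"168.95.1.1", "139.175.55.244"}
# Assumed, site-specific ranges (hypothetical): phone VLAN and admin subnet.
VOICE_NET = ipaddress.ip_network("10.20.0.0/24")
MGMT_NET = ipaddress.ip_network("10.9.0.0/28")

def audit_flows(lines):
    """Return (line_no, src, dst, reason) for each flow that needs review."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            proto, src, dst, dport = line.split()
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            findings.append((n, "", "", "unparseable record"))
            continue
        # A phone resolving through the vendor's hardcoded DNS servers.
        if s in VOICE_NET and port == 53 and dst in HARDCODED_DNS:
            findings.append((n, src, dst, "DNS query to hardcoded resolver"))
        # A documented service on a phone reached from outside the admin subnet.
        svc = DOCUMENTED_SERVICES.get((proto.lower(), port))
        if svc and d in VOICE_NET and s not in MGMT_NET:
            findings.append((n, src, dst, svc))
    return findings

# Constructed sample flow records, one per line: "proto src dst dport".
SAMPLE = """\
udp 10.20.0.15 168.95.1.1 53
udp 10.20.0.15 10.1.1.53 53
tcp 10.30.4.7 10.20.0.22 513
udp 10.9.0.3 10.20.0.22 161
udp 10.30.4.7 10.20.0.31 17185
tcp 10.20.0.40 10.20.0.41 3390
garbage line
""".splitlines()
```

Calling `audit_flows(SAMPLE)` flags records 1, 3, 5, 6 and 7; the SNMP poll from the admin subnet (record 4) and the lookup against a local resolver (record 2) pass.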

Created by www.myphonecall.co.uk, Last modification by qwerty55 on Thu 05 of Apr, 2007 [10:16 UTC]

VoIP Security Solutions

by jenniferhan on Thursday 27 of December, 2007 [06:30:23 UTC]
SpeedVoIP is a professional VoIP Security and VoIP anti blocking solutions provider.
The core solution for VoIP Security and VoIP anti-blocking is VGCP (VoiceGuard Control Protocol).
It can work with any 3rd-party Softphone / ATA / Gateway / IP Phone / IADs and SIP proxy or server.
It can work in the way similar to that of SOHO router, but it only encrypts and decrypts SIP and RTP packets on link layer, not to handup these packets to IP stack for forwarding while bypassing other data packets originating from SIP terminals. In this scenario, peak throughput and minimal CPU overhead can be easily achieved.

VoiceGuard can real-time incorporate light-weight traffic for puzzling and bypassing VoIP blocking system without consuming more bandwidth and compromising voice quality. Even in some circumstance, VoiceGuard can simulate traffic behavior of universal data networking protocol such as OICQ, MSN and so on.

For more information, please refer to: http://www.speed-voip.com/index-36.html

Andy
xd.wong@speed-voip.com
andywong-01@hotmail.com
