|
中华网络安全联盟 来源:奇趣 时间:2007-10-27 16:25:24
发布日期:2007-10-18
更新日期:2007-10-24
受影响系统:Nortel Networks Meridian-Core-Option 81C
Nortel Networks Meridian-Core-Option 61C
Nortel Networks Meridian-Core-Option 51C
Nortel Networks Meridian-Core-Option 11C Mini
Nortel Networks IP Softphone 2050
Nortel Networks IP Phone 2007
Nortel Networks IP Phone 2004
Nortel Networks IP Phone 2002
Nortel Networks IP Phone 2001
Nortel Networks IP Phone 1150E
Nortel Networks IP Phone 1140E
Nortel Networks IP Phone 1120E
Nortel Networks IP Phone 1110
Nortel Networks IP Phone
Nortel Networks Mobile Voice Client 2050
Nortel Networks IP Audio Conference Phone 2033
Nortel Networks Communications Server 2100
Nortel Networks Communications Server 1000S
Nortel Networks Communications Server 1000M Cabinet/Chassis
Nortel Networks Communications Server 1000E 描述:
BUGTRAQ ID: 26120
Nortel IP Phone、IP Softphone等都是Nortel所发布的IP电话设备。
Nortel IP Phone实现上存在漏洞,远程攻击者可能利用此漏洞实现远程现场窃听。
如果用户发送了正确的UNIStim消息的话,就可能将IP电话置于监控模式。UNIStim消息ID必须匹配发送信号的服务器与IP电话之间的ID,但协议仅对ID数使用了16位长度。如果恶意用户发送了65536个穷尽了所有可能ID数的欺骗UNIStim消息的话,就可以打开音频通道,使IP电话的话筒处于远程监听的状态。
<*来源:Cyrill Brunschwiler (cyrill.brunschwiler@csnc.ch)
Daniel Stirnimann (daniel.stirnimann@csnc.ch)
链接:http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf
http://marc.info/?l=bugtraq&m=119272363301864&w=2
http://secunia.com/advisories/27234/
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负! http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt
建议:
厂商补丁:
Nortel Networks
---------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.nortelnetworks.com/index.html |
