Nortel多个VoIP产品UNIStim消息窃听漏洞
2007/10/26
受影响系统:
Nortel Networks Meridian-Core-Option 81C
Nortel Networks Meridian-Core-Option 61C
Nortel Networks Meridian-Core-Option 51C
Nortel Networks Meridian-Core-Option 11C Mini
Nortel Networks IP Softphone 2050
Nortel Networks IP Phone 2007
Nortel Networks IP Phone 2004
Nortel Networks IP Phone 2002
Nortel Networks IP Phone 2001
Nortel Networks IP Phone 1150E
Nortel Networks IP Phone 1140E
Nortel Networks IP Phone 1120E
Nortel Networks IP Phone 1110
Nortel Networks IP Phone
Nortel Networks Mobile Voice Client 2050
Nortel Networks IP Audio Conference Phone 2033
Nortel Networks Communications Server 2100
Nortel Networks Communications Server 1000S
Nortel Networks Communications Server 1000M Cabinet/Chassis
Nortel Networks Communications Server 1000E
描述:
BUGTRAQ ID: 26120
Nortel IP Phone、IP Softphone等都是Nortel所发布的IP电话设备。
Nortel IP Phone实现上存在漏洞,远程攻击者可能利用此漏洞实现远程现场窃听。
如果用户发送了正确的UNIStim消息的话,就可能将IP电话置于监控模式。UNIStim消息ID必须匹配发送信号的服务器与IP电话之间的ID,但协议仅对ID数使用了16位长度。如果恶意用户发送了65536个穷尽了所有可能ID数的欺骗UNIStim消息的话,就可以打开音频通道,使IP电话的话筒处于远程监听的状态。
Nortel Networks:目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:http://www.nortelnetworks.com/index.html
赛迪网-技术社区
相关链接: