
Atstake Security Advisory 04-09-13.2

Posted Sep 15, 2004
Authored by Atstake, James Vaughan | Site atstake.com

Atstake Security Advisory A091304-2 - A vulnerability in the HTTP management interface of the Pingtel Xpressa phone enables a remote authenticated attacker to cause the underlying VxWorks operating system to stop.

tags | advisory, remote, web
SHA-256 | 06fd96368b13cff6c5011a555781244b333d9af19a094cd41d33e938beb1d104


@stake, Inc.
www.atstake.com

Security Advisory

Advisory Name: Pingtel Xpressa Denial of Service
Release Date: 09-13-2004
Device: Xpressa phone (Model PX-1)
Firmware: Core Apps: 2.1.11.24 Kernel: 2.1.11.24
Severity: An attacker can cause the phone to fail. A power
cycle is required to restore functionality.
Author(s): James Vaughan <jdv@atstake.com>
Vendor Status: Vendor has halted sales of device
CVE Candidate: CVE Candidate number applied for
Reference: www.atstake.com/research/advisories/2004/a091304-2.txt


Overview:


Pingtel Corp. (http://www.pingtel.com/) is a leading independent
vendor of Session Initiation Protocol (SIP) products. One of
Pingtel's flagship products was the Xpressa SIP desktop phone. In
August, 2004 Pingtel ceased selling the Xpressa phone.

@stake has discovered a vulnerability in the HTTP management
interface of the phone. This could be used by an attacker to deny
service to the handset by crashing the underlying VxWorks
operating system.


Details:

The Pingtel Xpressa handset can be administered over a variety of
interfaces (console, telnet and http). A vulnerability exists in
the HTTP server which enables a remote authenticated attacker to
cause the underlying VxWorks operating system to stop. A request
of the form:

GET /<buffer>/cgi/application.cgi HTTP/1.0
Authorization: Basic [base64authstring]

where <buffer> is a string of 260 uppercase "A" characters, will
trigger the DoS condition.

This issue has the potential for further exploitation within the
context of the VxWorks operating system. However, this was not
investigated further due to the closed nature of the Pingtel device.
Note that Pingtel is open sourcing the underlying software shortly.
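
Added example (not part of the @stake advisory): a detection check for the
request shape described above, suitable for a proxy or log pipeline in front
of the phones. The threshold, function names and sample lines are assumptions
made for this illustration.

```python
import re
from urllib.parse import unquote

# Assumption: no legitimate request to the phone's web UI has a path segment
# this long; tune to your own traffic. The advisory's trigger uses 260 and
# does not state a minimum, so the threshold is set well below it.
MAX_SEGMENT_LEN = 128
ADVISORY_SUFFIX = "/cgi/application.cgi"   # path tail shown in the advisory
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")


def inspect_request_line(line):
    """Return a finding dict for an oversized path segment, else None."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return None                      # not an HTTP/1.x request line
    method, target = m.groups()
    path = target.split("?", 1)[0]       # ignore any query string
    # Measure segments after percent-decoding so encoding cannot hide length.
    longest = max(len(unquote(seg)) for seg in path.split("/"))
    if longest < MAX_SEGMENT_LEN:
        return None
    return {
        "method": method,
        "longest_segment": longest,
        "matches_advisory_shape": path.endswith(ADVISORY_SUFFIX),
    }


def scan(lines):
    """Yield (line_number, finding) for every flagged request line."""
    for n, line in enumerate(lines, 1):
        finding = inspect_request_line(line)
        if finding:
            yield n, finding


# Constructed sample input (not captured traffic).
SAMPLE = [
    "GET /cgi/application.cgi HTTP/1.0",
    "GET /" + "A" * 260 + "/cgi/application.cgi HTTP/1.0",
    "GET /" + "%41" * 200 + "/index.html HTTP/1.0",
    "Authorization: Basic [base64authstring]",
]

if __name__ == "__main__":
    for n, finding in scan(SAMPLE):
        print(n, finding)
```
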

Vendor Response:

09-08-2004 @stake attempts to contact vendor via email
09-10-2004 @stake re-attempts to contact vendor via email
09-10-2004 Vendor responds that sales of device halted
09-13-2004 Advisory released


email to @stake from Pingtel:

"Pingtel will no longer market the xpressa desktop IP phone. Pingtel
will continue to sell its industry leading SIP Softphone, and will
continue to support its existing xpressa desktop phone customers who
are on an active Warranty or Maintenance Plans."


Recommendation:

The threat of this vulnerability can be mitigated by disabling the
HTTP management interface on the Xpressa handset. To do so, navigate to:

More|Apps|Prefs|myxpressa web|<enter password>|

and uncheck "Enable Web Server". This change requires you to
reboot your phone.


Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

CAN-2004-XXXX PingTel Xpressa Denial of Service


@stake Vulnerability Reporting Policy:
http://www.atstake.com/research/policy/

@stake Advisory Archive:
http://www.atstake.com/research/advisories/

PGP Key:
http://www.atstake.com/research/pgp_key.asc

Copyright 2004 @stake, Inc. All rights reserved.
