The Register® — Biting the hand that feeds IT

Feeds

Crash bug blights Cisco IP phones

Firmware flaw

By John Leyden, 22nd August 2007
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Cisco has advised users to update the firmware on some of its IP phones following the discovery of two security flaws.

A brace of Session Initiation Protocol (SIP) vulnerabilities in Cisco 7940/7960 IP Phones create the potential for hackers to crash - but not to run exploit code - on vulnerable handsets.

SIP is a signalling protocol for VoIP. The protocol can be used to create two-party, multiparty, or multicast sessions.

Cisco IP Phone 7940/7960 SIP firmware versions prior to 8.7(0) are vulnerable to the denial of service attacks, Cisco warns. Users are advised to update their firmware to version 8.7(0), as explained in its advisory here.

More detail on the vulnerabilities can be found in posts (here and here) to full disclosure mailing lists by the independent security researchers (Radu State, Humberto J Abdelnur, and Olivier Festor) who discovered the bugs. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (6)
Latest Comments
Chris

Perfectly happy

We've been using VoIP for about 4 years, largely cisco 7960 handsets.

Got to say that I'm really happy with the setup we have, it works really well.

Must check that all of our handsets are running the latest firmware version though, not aware of any crashing problems.

0
0
Anonymous Coward
Anonymous Coward

CTI popups and crappy quality

No, nobody I know is happy with the quality of VOIP audio, the way the quality degrades when network useage increases or the almost satellite like delays which randomly occur. As for the CTI software, forget it, it's more hassle than it's worth, epsecially with hotdesking.

0
0
Anonymous Coward
Anonymous Coward

Not Spin, just SIP

Unless I have totally mis-read the article and Cisco's release, they are not implying that you have to be hacking SIP. They are saying that the problem appears only on the SIP firmware load not the SCCP firmware load. Cisco would really prefer people using their VOIP phones to buy into the entire ecosystem of Call Managers, Unity VM, etc, and their SCCP signaling rather than the standards based SIP signaling. I have actually had more problems with Cisco phones rebooting due to moving the phone when the RJ-45 connection is not tight and loosing the PoE.

0
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19