---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Grandstream BudgeTone Denial of Service Vulnerability SECUNIA ADVISORY ID: SA16438 VERIFY ADVISORY: http://secunia.com/advisories/16438/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Grandstream BudgeTone 100 Series SIP Phones http://secunia.com/product/5537/ DESCRIPTION: Pierre Kroma has reported a vulnerability in Grandstream BudgeTone 100 Series SIP Phones, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing large UDP datagrams and can be exploited by sending a large UDP datagram (more than 65534 bytes) to port 5060/udp. Successful exploitation causes the phone to stop working by aborting active calls, blank the display, and make the integrated HTTP server become inaccessible. The vulnerability has been reported in firmware release 1.0.6.7. Other versions may also be affected. SOLUTION: Use the phones on trusted networks only. PROVIDED AND/OR DISCOVERED BY: Pierre Kroma, SySS. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------