Re[2]: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP

[3APA3A <3APA3A () SECURITY NNOV RU>]

Dear Florian Weimer,

It's different thing. Any infrastructure based on Windows is under risk.
But it's not because VoIP uses ASN.1.

--Wednesday, February 18, 2004, 12:32:10 AM, you wrote to 3APA3A () SECURITY NNOV RU:

FW> 3APA3A wrote:

> > ASN.1  is  used  by  many  services,  but  all  use different underlying
> > protocols.  It's  not  likely  NetMeeting or MS ISA server to be primary
> > attack  targets.  Attack  against  MS  IPSec  implementation,  Exchange,
> > SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP
> > infrastructure  (except  connectivity  degradation  because  of  massive
> > traffic).

FW> I wish your assessment were true, but it's not.  Cisco Call Manager is
FW> based on Windows, and Cisco still has to certify the patches Microsoft
FW> released.

FW> It's sad that Microsoft apparently hasn't used those six months to
FW> properly coordinate the issue with OEM vendors.


-- 
~/ZARAZA
Ну а теперь, Уильям, хорошенько поразмыслите над данным письмом. (Твен)