Full Disclosure mailing list archives
Re: ASN.1 telephony critical infrastructure warning - VOIP
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 17 Feb 2004 19:09:42 +0300
Dear Gadi Evron, ASN.1 is used by many services, but all use different underlying protocols. It's not likely NetMeeting or MS ISA server to be primary attack targets. Attack against MS IPSec implementation, Exchange, SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP infrastructure (except connectivity degradation because of massive traffic). And these applications are more likely to be attack target. --Tuesday, February 17, 2004, 6:37:53 PM, you wrote to bugtraq () securityfocus com: GE> I apologize, but I am using these mailing lists to try and contact the GE> different */CERT teams for different countries. GE> As we all know, ASN.1 is a new very easy to exploit vulnerability. It GE> attacks both the server and the end user (IIS and IE). GE> We expect a new massive worm to come out exploiting this vulnerability GE> in the next few days. GE> Why should this all interest you beyond it being the next blaster? GE> ASN is what VOIP is based on, and thus the critical infrastructure for GE> telephony which is based on VOIP. GE> This may be a false alarm, but you know how worms find their way into GE> every network, private or public. It could (maybe) potentially bring the GE> system down. GE> I am raising the red flag, better safe than sorry. GE> The two email messages below are from Zak Dechovich and myself on this GE> subject, to TH-Research (The Trojan Horses Research Mailing List). The GE> original red flag as you can see below, was raised by Zak. Skip to his GE> message if you like. GE> Gadi Evron. GE> Subject: [TH-research] */CERT people: Critical Infrastructure and ASN.1 GE> - VOIP [WAS: Re: GE> [TH-research] OT: naming the fast approaching ASN.1 worm] GE> Mail from Gadi Evron <ge () linuxbox org> GE> All the */CERT people on the list: GE> If you haven't read the post below, please do. GE> Anyone checked into the critical infrastructure survivability of an ASN GE> worm hitting? phone systems could possibly go down. We all know how GE> worms find their way into any network, private or otherwise. and VOIP GE> systems (which phone systems are based on nowadays) could go down. GE> Heads-up! Finds them contingency plans.. :o) GE> Any information would be appreciated, or if you need more information GE> from us: +972-50-428610. GE> Gadi Evron. GE> Zak Dechovich wrote:
Mail from Zak Dechovich <ZakGroups () SECUREOL COM> May I suggest the following: ASN1 is mainly used for the telephony infrastructure (VoIP), any code that attacks this infrastructure can be assigned with 'VoIP' prefix, followed by the attacked vendor (cisco, telrad, microsoft, etc.). for example, if (when) Microsoft's h323 stack will be attacked, the name should be VoIP.ms323.<variant>, or if Cisco's gatekeepers will crash,
GE> lets
call it VoIP.csgk.<variant> Your thoughts ? Zak Dechovich, Zak Dechovich, Managing Director SecureOL Ltd. Mobile: +972 (53) 828 656 Office: +972 (2) 675 1291 Fax: +972 (2) 675 1195
GE> - GE> TH-Research, the Trojan Horses Research mailing list. GE> List home page: http://ecompute.org/th-list GE> _______________________________________________ GE> Full-Disclosure - We believe in it. GE> Charter: http://lists.netsys.com/full-disclosure-charter.html -- ~/ZARAZA Сэр Исаак Ньютон открыл, что яблоки падают на землю. (Твен) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ASN.1 telephony critical infrastructure warning - VOIP Gadi Evron (Feb 17)
- Re: ASN.1 telephony critical infrastructure warning - VOIP Michal Zalewski (Feb 17)
- RE: ASN.1 telephony critical infrastructure warning - VOIP Zak Dechovich (Feb 17)
- Re: ASN.1 telephony critical infrastructure warning - VOIP Michael Samuel (Feb 18)
- Re: ASN.1 telephony critical infrastructure warning - VOIP jan . muenther (Feb 18)
- Re: ASN.1 telephony critical infrastructure warning - VOIP Valdis . Kletnieks (Feb 18)
- Re: ASN.1 telephony critical infrastructure warning - VOIP jan . muenther (Feb 18)
- RE: ASN.1 telephony critical infrastructure warning - VOIP Zak Dechovich (Feb 17)
- Re: ASN.1 telephony critical infrastructure warning - VOIP Michal Zalewski (Feb 17)
- RE: ASN.1 telephony critical infrastructure warning - VOIP David Wilson (Feb 23)
- Re: ASN.1 telephony critical infrastructure warning - VOIP daniel uriah clemens (Feb 17)
- Re: ASN.1 telephony critical infrastructure warning - VOIP Florian Weimer (Feb 17)
- Re[2]: ASN.1 telephony critical infrastructure warning - VOIP 3APA3A (Feb 18)
- <Possible follow-ups>
- RE: ASN.1 telephony critical infrastructure warning - VOIP John LaCour (Feb 17)
- Re: ASN.1 telephony critical infrastructure warning - VOIP Joseph M Hoffman (Feb 19)