[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Linksys WIP 330 VoIP wireless phone crash fromNmap scan

To: pingywon <pingywon@xxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Linksys WIP 330 VoIP wireless phone crash fromNmap scan
From: "Shawn Merdinger" <shawnmer@xxxxxxxxx>
Date: Thu, 7 Dec 2006 22:53:07 -0800

Hi,

Yes, this is an extraordinarily lame bug, but that's sort of the point
with many of these VoIP phones, both wired and wireless.  They are a
new class of device going onto networks and tend to be kind of sucky
when it comes to what I'd consider *expected customer environment tool
runs* like Nmap and Nessus, not to mention plenty of others such as
ISIC, Protos, Asteroid, <insert fuzzer-o'-the-day-here>...and that's
just sticking with the free stuff.

I didn't find the bug anyways, I just reported it to Linksys and then
FD.  And even though I'm poking around with a bunch of VoIP phones on
my own time and dime, I don't own one of these WIP 330s.

Anyway, you seem happy with your WIP 330...once you got it configured...
http://www.trixbox.org/modules/newbb/viewtopic.php?topic_id=5974&forum=3#forumpost23445

Say, if you have the cycles for some free vendor QA, and since you
have a WIP 330 in hand, maybe you can find something much cooler with
that PhoneCtl.exe crash and get back to us?

Thanks,
--scm

On 12/7/06, pingywon <pingywon@xxxxxxxxxxx> wrote:
>
>  "The crash
> > appears related to PhoneCtl.exe running on the phone's Windows CE 4.2
> > operating system."
>
> "Let me take a look at that screenshot again..."
>
> http://www.flickr.com/photos/metalmijn/295348294/
>
> "Heck buddy, you appear correct"
>
> ~p
>
>
>
>
>
> ----- Original Message -----
> From: "Shawn Merdinger" <shawnmer@xxxxxxxxx>
> To: <full-disclosure@xxxxxxxxxxxxxxxxx>
> Sent: Wednesday, December 06, 2006 1:40 PM
> Subject: [Full-disclosure] Linksys WIP 330 VoIP wireless phone crash
> fromNmap scan
>
>
> > Vulnerability Description
> > ==================
> > The Linksys WIP 330 VoIP wireless phone will crash when a full
> > port-range Nmap scan is run against its IP address.
> >
> >
> > Linksys WIP 330 Firmware Version
> > ==========================
> > 1.00.06A
> >
> >
> > Nmap scan command
> > ================
> > nmap -P0 <WIP 330 ip address> -p 1-65535
> >
> >
> > Impact
> > =====
> > The crash is only after Nmap has finished. The Nmap scan also seems to
> > disrupt updating of the display as the clock is not updated. The crash
> > appears related to PhoneCtl.exe running on the phone's Windows CE 4.2
> > operating system.
> >
> > Screenshot of the crash: http://www.flickr.com/photos/metalmijn/295348294/
> >
> >
> > Credit
> > ====
> > Credit for discovering this vulnerability goes to Armijn Hemel
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Linksys WIP 330 VoIP wireless phone crash fromNmap scan
  - From: pingywon

References:
- [Full-disclosure] Linksys WIP 330 VoIP wireless phone crash from Nmap scan
  - From: Shawn Merdinger
- Re: [Full-disclosure] Linksys WIP 330 VoIP wireless phone crash fromNmap scan
  - From: pingywon

Prev by Date: [Full-disclosure] Orkut Multiple Cross Site Scripting Vulnerabilities
Next by Date: [Full-disclosure] What was the name of the web site ...
Previous by thread: Re: [Full-disclosure] Linksys WIP 330 VoIP wireless phone crash fromNmap scan
Next by thread: Re: [Full-disclosure] Linksys WIP 330 VoIP wireless phone crash fromNmap scan
Index(es):
- Date
- Thread