Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25803
HistoryFeb 28, 2011 - 12:00 a.m.

DoS Condition with Altigen VoIP Phone Systems

2011-02-2800:00:00
vulners.com
11
JSON

If you run a NMAP network scan against the IP of the phone server, it
will crash the Altigen's Gateway service, rendering the system useless
until rebooted. All information saved in the phone system at the time
is lost.

Port 5061 crashes due to HEAP Overflow. Following message:

Application popup: Microsoft Visual C++ Debug Library : Debug Error!
Program: C:\AltiServ\Exe\altigateway.exe
HEAP CORRUPTION DETECTED: after Normal block (#13414021) at 0x08E1C270.
CRT detected that the application wrote to memory after end of heap buffer.

Specifics:
ANY workstations running NMAP on the LAN with knowledge of the phone
system's IP address.
Special permissions are not needed.
Crash occurs with 15 seconds of scanning on a 100 Mb line.

Exploitation:
This is remotely exploitable from anywhere on the Internet with access
to ANY Altigen service port.

Platform:
Windows Server 2008, fully updated, firewall enabled with ports opened
for Altigen services.

Solution:
Vendor is releasing patch for this issue in next revision. Binding
outbound traffic to just PRI/Trunk seems to mitigate the issue.

JSON