Flaws Threaten VoIP Networks?
jdkane writes "CNET News reports that security flaws have been found in products that use VoIP and text messaging, including those from Microsoft and Cisco Systems. What's interesting, in Microsoft's case, is that the Internet Security and Acceleration Server product that's also affected is designed to help protect companies' networks from online attacks. Specifically, a filter used in the server that secures VoIP communications is vulnerable to the flaw."
But Cisco is just as vulnerable and wider spread as IOS 11.3 and greater is flawed.
Wow that ought to really bolster a customer's confidence: Not only are you saying this type of mistake is common in your experience, your excuse is "Hey we're only human"! Uh isn't that why you're supposed to have quality assurance?
I went to the city because I wished to live without deliberation.
Vulnerable (updates available): Cisco and Microsoft
Unknown: Avaya, Fujitsu, Hewlett-Packard, Lucent and Nortel
Safe: Apple, Hitachi, NetBSD, Red Hat and Symantec
Is that a point for Security through open source as the two open products are already in the safe pile?
Never underestimate the dark side of the Source
"...where could you find a reporter who would care?"
National Public Radio (WBUR 90.9MHz to you fellow Bostonians) for one. Believe it or not, the great unwashed masses are starting to become aware of the problem with Microsoft.
What about Open H.323. Anyone know whether that project is going to be suffering the same vulnerability?
just a buffer overflow. I'm not really surprised; sooner or later this was going to happen. I'm just surprised that it popped up in Cisco's case.
Altho, as I think about it, I get the feeling that Cisco got a bunch of network multimedia handling code from MS. I remember back in '98 or '99, they announced a software partnership w/ MS, causing much hand-wringing on /. to the effect that we might see NT-based routers. IOS is too heavily leveraged in Cisco's products, but the actual processes and services that run on it could come from anybody.
The fact that this looks to a few vendors (MS and Cisco being the biggies), and knowing how MS looks to diversify only makes me wonder how much of MS's wonderful code has managed to worm its way into the other devices I use...
Hmm... Maybe this had something to do w/ all the dreadful STP and bridging issues I had on the Catalyst 8540 platform...
The current H.323 flaw is based on bugs in the ASN.1 parser used in these products. The big bugs in almost all SNMP implementations a year ago or so were also based in ASN.1 parsing failures. Many OpenSSL bugs are based in ASN.1 parsing failures.
The Linux kernel 2.6 just got ASN.1 parsing INSIDE THE KERNEL in order to implement AUTH_KERB as part of the NFS/Kerberos client. Expect ASN.1 parsing based bugs inside the Linux kernel real soon now.