Credit:
The information has been provided by Walter Sprenger.
The original article can be found at: http://www.csnc.ch/en/downloads/advisories.html
Vulnerable Systems:
* Snom360 linux 3.25/snom360-SIP 6.5.17
* Snom360 linux 3.25/snom360-SIP 6.5.18
* Snom360-SIP 7.1.30
* Snom360-SIP 7.1.35 14552
* Snom300, Snom320, Snom370 and Snom820 with firmware versions below 6.5.20, 7.1.39 and 7.3.14
Immune Systems:
* Snom Firmware version 6.5.20
* Snom Firmware version 7.1.39
* Snom Firmware version 7.3.14
The web interface of the Snom VoIP/SIP phones is protected by Basic Authentication or Digest Authentication. The authentication can be completely bypassed by modifying the HTTP request. A normal browser sets the request header "Host:" to the IP address or the host name that is entered in the URL field of the browser. If the request header is modified to contain the value "Host: 127.0.0.1", all pages and functions of the web interface can be reached without prompting the user to authenticate.
Access to the web interface without authentication enables a malicious user to:
- call expensive numbers
- listen to the phone conversation by capturing the network traffic
- read SIP username and password
- read and modify all configuration parameters of the phone
- redirect phone calls to another VoIP server
- activate the microphone and listen to the conversation in the room
Test:
curl -H "Host: 127.0.0.1" http://<phone-address>/
curl -k -H "Host: 127.0.0.1" https://<phone-address>/
If the phone is vulnerable, the index page of the web interface is returned. If the phone is not vulnerable, an "HTTP/1.1 401 Unauthorized" response is returned.
Workaround:
Disable the web interface until a firmware upgrade is installed.
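To decide which phones need the workaround, the following added example (not part of the original advisory) sorts an inventory of firmware strings against the fixed versions listed above. The inventory, the phone names and the mapping of each fixed release to a major.minor branch are assumptions of the example; firmware on a branch the advisory does not name is reported as unknown and kept on the workaround list.

```python
import re

# Fixed releases per branch, from "Immune Systems". Keying them by
# major.minor branch is an assumption of this example.
FIXED = {(6, 5): (6, 5, 20), (7, 1): (7, 1, 39), (7, 3): (7, 3, 14)}

# Picks the SIP firmware version out of strings such as
# "Snom360 linux 3.25/snom360-SIP 6.5.17" or "Snom360-SIP 7.1.35 14552".
SIP_VERSION = re.compile(r"-SIP\s+(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def sip_version(firmware):
    """Return (major, minor, patch) of the SIP firmware, or None."""
    match = SIP_VERSION.search(firmware)
    return tuple(int(part) for part in match.groups()) if match else None


def triage(firmware):
    """Classify one firmware string as 'vulnerable', 'fixed' or 'unknown'."""
    version = sip_version(firmware)
    if version is None:
        return "unknown"              # unparseable: check the phone by hand
    if version >= max(FIXED.values()):
        return "fixed"                # 7.3.14 and above
    if version < min(FIXED.values()):
        return "vulnerable"           # below 6.5.20
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown"              # branch the advisory does not name
    return "fixed" if version >= fixed else "vulnerable"


def needs_workaround(inventory):
    """Names of phones whose web interface should stay disabled for now."""
    return sorted(name for name, fw in inventory.items()
                  if triage(fw) != "fixed")


# Constructed inventory: phone names are made up; the first two firmware
# strings use the formats listed under "Vulnerable Systems", the rest are
# constructed by analogy.
INVENTORY = {
    "phone-01": "Snom360 linux 3.25/snom360-SIP 6.5.17",
    "phone-02": "Snom360-SIP 7.1.35 14552",
    "phone-03": "snom320-SIP 7.3.14",
    "phone-04": "snom370-SIP 7.2.5",
    "phone-05": "snom300-SIP 6.5.20",
}
```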
CVE Information:
CVE-2009-1048
Disclosure Timeline:
March 19, 2009 Vendor Notified
March 19, 2009 Vendor Replied
March 30, 2009 Vulnerability confirmed
Vendor Response: Problem fixed in firmware version 7.1.39/7.3.14. Problem will be fixed in version 6.
Patch available: Firmware upgrade to versions 6.5.20, 7.1.39, 7.3.14 and above