Security threats Toolkit

NISCC warns on Cisco IP phone flaw

Marguerite Reardon CNET News

Published: 25 May 2005 10:10 BST

A software flaw that could crash Cisco's IP phones has been discovered, and the networking company has issued a patch to fix the problem.

The flaw, which opens the IP phone service up to DoS attacks, was reported by the National Infrastructure Security Co-ordination Centre, the Government's cybersecurity group, in its warning, it gave the DNS protocol vulnerability, which also affects other software, a "moderate risk" warning.

To expedite lookups on DNS servers, log files are often compressed. According to the advisory, the vulnerability is caused by an error that occurs during the decompression of compressed DNS messages. The flaw can be exploited using specially crafted DNS packets containing invalid information in the compressed section of the message. This results in an error in processing on the IP phones, which could cause the phones malfunction or crash.

In an advisory issued by Cisco, the company said the only products impacted are DNS clients, which run on its IP phones and content-networking products. The security flaw does not appear in products performing DNS server functions or DNS packet inspection. Affected products include Cisco IP Phones 7902/7905/7912; Cisco ATA (Analog Telephone Adaptor) 186/188; and several Cisco Unity Express and Cisco ACNS (Application and Content Networking System) devices.

Cisco has posted a complete list of affected products on its Web site. It said it has also developed a free software upgrade to fix the problem.

Other vendors also use the DNS protocol in their products, which also may be vulnerable, according to an advisory from the French Security Incident Response Team. Users should contact their vendors for more information about affected products and fixes, the group said.

CNET News.com's Joris Evers contributed to this report.