May 24, 2005 4:42 PM PDT
Cisco targets Net phone software flaw
- Related Stories
Cisco finds more security flaws in router softwareJanuary 26, 2005
Cisco finds security flaw in router softwareJanuary 21, 2005
Cisco flaw opens networks to attacksAugust 19, 2004
The flaw, which opens the IP phone service up to denial-of-service attacks, was reported by the National Infrastructure Security Co-ordination Centre, a security research group based in the U.K. In its warning, it gave the Domain Name System protocol vulnerability, which also affects other software, a "moderate risk" warning.
The flaw is associated with Cisco IP phones running the DNS protocol. DNS handles the translation of domain names into IP addresses. DNS servers are located throughout the Internet to perform this translation and to ensure that IP packets arrive at their proper destinations.
To expedite lookups on DNS servers, log files are often compressed. According to the advisory, the vulnerability is caused by an error that occurs during the decompression of compressed DNS messages. The flaw can be exploited using specially crafted DNS packets containing invalid information in the compressed section of the message. This results in an error in processing on the IP phones, which could cause the phones malfunction or crash.
In an advisory issued by Cisco, the company said the only products impacted are DNS clients, which run on its IP phones and content-networking products. The security flaw does not appear in products performing DNS server functions or DNS packet inspection. Affected products include Cisco IP Phones 7902/7905/7912; Cisco ATA (Analog Telephone Adaptor) 186/188; and several Cisco Unity Express and Cisco ACNS (Application and Content Networking System) devices.
Cisco has posted a complete list of affected products on its Web site. It said it has also developed a free software upgrade to fix the problem.
Other vendors also use the DNS protocol in their products, which also may be vulnerable, according to an advisory from the French Security Incident Response Team, or FrSIRT. Users should contact their vendors for more information about affected products and fixes, the group said.
CNET News.com's Joris Evers contributed to this report.