Cisco Systems Inc. had to quickly abandon its hope for an
uneventful Black Hat USA 2006 conference Wednesday after a pair of
presenters revealed a zero-day exploit for Cisco CallManager
Express.
David Endler, director of security research for the TippingPoint
division of Marlborough, Mass.-based 3Com Corp., and Mark Collier,
CTO of San Antonio-based telephony management vendor SecureLogix
Corp., authors of the book Hacking Exposed VoIP, told Black
Hat attendees that the networking giant's CallManager Express VoIP
management software is vulnerable to a flaw in which a remote user
can supply specially crafted SIP requests to gain information from
the SIP user directory, including the names of the users stored in
the SIP user database.
San Jose, Calif.-based Cisco has confirmed the SIP user directory
information disclosure flaw in a bulletin on its Web site and the
presenters' proof-of-concept exploit. Cisco was notified of the
flaw in advance of Black Hat.
"It is important to note that the attacks described do not
disrupt VoIP call processing or voice mail access," Cisco said in
the advisory, also noting that the standard edition of CallManager
is not affected.
A patch is not yet available, but Cisco said it is investigating
the problem and will provide further information when it becomes
available. "Cisco's recommended best practice of implementing the
VoIP infrastructure and data devices on separate VLANs would
prevent malicious users from launching such attacks against the
VoIP network," the advisory said.
This marks the second year in a row that a vulnerability in a
Cisco product has been revealed at Black Hat. Last year, security
researcher Michael Lynn revealed the details of a serious IOS
flaw, causing an opening day buzz among attendees and forcing
Cisco to file an injunction against Lynn and Black Hat
organizers. The legal action was quickly settled.
GroupWise flaws could enable arbitrary code execution
The French Security Incident Response Team (FrSIRT) has
identified a pair of cross-site scripting vulnerabilities in
Novell GroupWise that could be exploited by attackers to execute
arbitrary scripting code.
"These flaws are due to unspecified input validation errors when
handling certain tags and parameters," FrSIRT said, "which could be
exploited by attackers to cause arbitrary scripting code to be
executed by the user's browser in the security context of an
affected Web site."
Deemed moderate risk, the flaws affect GroupWise version 6.x.
Novell has confirmed the flaws and recommends that customers
upgrade to GroupWise 6.5 Post SP6 WebAccess Rev D.
Mozilla issues another Firefox update
It was just last week when the Mozilla Foundation issued updates
patching 13 security flaws in the Firefox Web browser, Thunderbird
email client and SeaMonkey all-in-one Internet application suite.
However, Mozilla early Thursday issued Firefox
version 1.5.0.6, calling it a stability update to address an
issue with Windows Media content.
In a post on its blog, the Bethesda, Md.-based SANS Internet
Storm Center said the specific problem involves a relatively
minor issue with "mms://" and related multi-media URLs that have
been broken in 1.5.0.5.
"Apparently," said SANS ISC handler Jim Clausing, "not all
updates rushed out while a Black Hat conference is going on have a
sinister reason."