Cisco Systems Inc. has been trying to reproduce a PIX firewall
security hole outlined by a researcher during the Black Hat USA
2006 conference in Las Vegas earlier this month. So far,
the company has been unsuccessful.
Hendrik Scholz, lead VoIP developer and systems engineer with
Freenet Cityline of Germany,
announced the existence of the flaw at the end of his
presentation on SIP stack fingerprinting and attacks Aug. 2, the
first day of the conference.
His final slide appeared to feature limited details on an
undisclosed flaw related to the Session Initiation Protocol (SIP)
in the San Jose, Calif.-based networking giant's PIX series of
firewalls and security appliances.
SearchSecurity.com learned that the information Scholz shared
during his presentation involved the use of a proxy server to ring
multiple phones simultaneously in conjunction with the SIP "fixup"
command. Essentially, it pokes a hole through a PIX firewall to
allow SIP data to pass through and potentially allows for the
spoofing of a source device, in this case a telephony handset.
Scholz was working with Cisco and the United States Computer
Emergency Readiness Team (US-CERT) on the matter, and was giving
the networking giant time to address any outstanding
vulnerabilities before disclosing more details.
But as of Tuesday, Cisco had been unable to confirm the flaw
exists.
"We've been working with Mr. Scholz ever since his disclosure in
order to re-create this vulnerability," Cisco spokesman John Noh
said in an email. "So far, we have not been able to reproduce the
issue and therefore cannot confirm his claim."
Nevertheless, he said Cisco will keep testing and will issue a
new security advisory as new information becomes available.
Information Security magazine Editor-in-Chief Michael S.
Mimoso contributed to this report.