[33817] in bugtraq
Re[2]: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
daemon@ATHENA.MIT.EDU (3APA3A)
Wed Feb 18 18:14:20 2004
Date: Wed, 18 Feb 2004 10:58:07 +0300
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Reply-To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Message-ID: <1937448633.20040218105807@SECURITY.NNOV.RU>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Gadi Evron <ge@egotistical.reprehensible.net>, bugtraq@securityfocus.com,
full-disclosure@lists.netsys.com,
Zak Dechovich <ZakGroups@secureol.com>
In-Reply-To: <20040217213210.GA3816@deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
Dear Florian Weimer,
It's different thing. Any infrastructure based on Windows is under risk.
But it's not because VoIP uses ASN.1.
--Wednesday, February 18, 2004, 12:32:10 AM, you wrote to 3APA3A@SECURITY.NNOV.RU:
FW> 3APA3A wrote:
>> ASN.1 is used by many services, but all use different underlying
>> protocols. It's not likely NetMeeting or MS ISA server to be primary
>> attack targets. Attack against MS IPSec implementation, Exchange,
>> SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP
>> infrastructure (except connectivity degradation because of massive
>> traffic).
FW> I wish your assessment were true, but it's not. Cisco Call Manager is
FW> based on Windows, and Cisco still has to certify the patches Microsoft
FW> released.
FW> It's sad that Microsoft apparently hasn't used those six months to
FW> properly coordinate the issue with OEM vendors.
--
~/ZARAZA
Ну а теперь, Уильям, хорошенько поразмыслите над данным письмом. (Твен)
