Re: Multiple vulnerabilities in Avaya Argent Office

From: Russell Garrett (rgat_private)
Date: Thu Sep 12 2002 - 13:13:23 PDT


    With regards to the original e-mail to this list (mirrored at the URL
    http://www.securiteam.com/securitynews/5SP012055O.html), this reply was
    sent to the independent NA-Resellers Avaya Alchemy/IP Office list:
    
    > -----Original Message-----
    > From: Natrjak [mailto:natrjakat_private]
    > Sent: 12 September 2002 20:23
    > To: NAResellersat_private
    > Subject: Re: [NA-Resellers] Interesting web site
    >
    >
    > Wrt the issues raised at this site :-
    >
    > 1)    Fixed in Argent Branch/Office 2.2.60
    > 2)    Password can be cracked.  Hacker needs to be on local LAN.  The
    > who-is packet can be filtered by use of a switching device placed
    > directly between PBX and all non-trusted users, or by ensuring the
    > Manager only resides on the local Subnet and all users of this local
    > subnet are "trusted".
    > 3)    The SNMP community string used for the Alchemy/IP Office range of
    > Equipment is [Public].  This is hard coded and cannot be changed.  So no
    > real threat here, as if other devices on Network are configurable via
    > SNMP (which the Alchemy/IP Office isn't) then they should be set to the
    > customer's real community string and NOT [Public].
    > 4)    Yes the TFTP request for Hold Music uses broadcast address
    > 255.255.255.255.  This will only reach PCs on the local subnet if on a
    > routed network.  If someone on your local net has a TFTP Server or
    > Manager running then the IT guy should know about it.  If you feel it is
    > a problem place a switching device on the local subnet so only the PC
    > required to respond to this broadcast can see it.  Down to
    > administration of local LAN I would suggest.
    >
    > Happy reading.
    >
    >
    > Nat. R. Jacks
    
    Nat. R. Jacks purports to be from Avaya/Network Alchemy. Obviously these
    issues range from annoying to just plain wrong depending on your setup. The
    IP Office/Alchemy must be connected to the company network for PC-based call
    handling to work. The unit is also easily crashable from the local LAN using
    numerous bad packets on the ports used by the User and Administrative
    applications; although I've lost records of those, it's fairly easy to find
    them by sending packets to those ports.
    
    ----------------------------------------------------------------------------
    Russ Garrett                                             russat_private
                                                      http://russ.garrett.co.uk.
    



    This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 10:09:19 PDT