Linksys WIP 330 'PhoneCtrl.exe' Port Scan Denial-of-Service Vulnerability

Vulnerability ID: 1192589 Vulnerability type: Other
Published: 2006-12-09 Updated: 2006-12-11
CVE ID: CVE-2006-6411 CNNVD-ID: CNNVD-200612-171
Affected platform: N/A CVSS score: 7.8
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006120081
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-171
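|Vulnerability details
The Linksys WIP 330 is a VoIP wireless cordless phone. It mishandles port scans, and a remote attacker may be able to exploit this to cause a denial of service on the device. If a full port-range Nmap scan is run against the WIP 330's IP address with the command `nmap -P0 -p 1-65535`, PhoneCtrl.exe crashes when the Nmap scan finishes.
|Exploit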
Vulnerability Description
==================
The Linksys WIP 330 VoIP wireless phone will crash when a full
port-range Nmap scan is run against its IP address.

Linksys WIP 330 Firmware Version
==========================
1.00.06A

Nmap scan command
================
nmap -P0 <WIP 330 ip address> -p 1-65535

Impact
=====
The crash is only after Nmap has finished. The Nmap scan also seems to
disrupt updating of the display as the clock is not updated. The crash
appears related to PhoneCtl.exe running on the phone's Windows CE 4.2
operating system.

Screenshot of the crash: http://www.flickr.com/photos/metalmijn/295348294/

Credit
====
Credit for discovering this vulnerability goes to Armijn Hemel
|References

Source: BID
Name: 21475
Link: http://www.securityfocus.com/bid/21475
Source: BUGTRAQ
Name: 20061207 Linksys WIP 330 VoIP wireless phone crash from Nmap scan
Link: http://www.securityfocus.com/archive/1/archive/1/453754/100/0/threaded
Source: VUPEN
Name: ADV-2006-4894
Link: http://www.frsirt.com/english/advisories/2006/4894
Source: SECUNIA
Name: 23256
Link: http://secunia.com/advisories/23256
Source: XF
Name: linksys-wip330-phonectrl-dos(30771)
Link: http://xforce.iss.net/xforce/xfdb/30771
Source: SREASON
Name: 2009
Link: http://securityreason.com/securityalert/2009
Source: FULLDISC
Name: 20061206 Linksys WIP 330 VoIP wireless phone crash from Nmap scan
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051140.html