Details of VAR-200704-0461

ID

VAR-200704-0461

CVE

CVE-2007-2270

TITLE

Linksys SPA941 \377 Character Denial of Service Vulnerability

Trust: 0.9

sources: BID: 23619 // CNNVD: CNNVD-200704-509

DESCRIPTION

The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request. Linksys SPA941 phones are prone to a remote denial-of-service vulnerability. Linksys SPA941 is a 2-wire or 4-wire IP phone. The Linksys SPA941 phone does not correctly handle the \377 character in the SIP message. If the attacker contains the above character in any part of the FROM header of the sent message, it may cause the phone to restart; if the character is in other positions, it may modify the phone's Generate the content of the reply message. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/ The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. The vulnerability is caused due to an error in the processing of SIP messages. This can be exploited to reboot the phone by sending specially crafted SIP messages containing "\337" characters. The vulnerability is reported in software version 5.1.5. Other versions may also be affected. SOLUTION: Use only in a trusted network environment. PROVIDED AND/OR DISCOVERED BY: Radu State ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053959.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-2270 // JVNDB: JVNDB-2007-003751 // BID: 23619 // VULHUB: VHN-25632 // PACKETSTORM: 56231

AFFECTED PRODUCTS

vendor:	linksys	model:	spa941	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco linksys	model:	spa941	scope:	-	version:	-	Trust: 0.8
vendor:	linksys	model:	spa941	scope:	-	version:	-	Trust: 0.6
vendor:	linksys	model:	spa941 voip phone	scope:	eq	version:	0	Trust: 0.3

sources: BID: 23619 // JVNDB: JVNDB-2007-003751 // CNNVD: CNNVD-200704-509 // NVD: CVE-2007-2270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-2270
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-2270
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200704-509
value:	HIGH
Trust: 0.6
VULHUB:	VHN-25632
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-2270
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-25632
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-25632 // JVNDB: JVNDB-2007-003751 // CNNVD: CNNVD-200704-509 // NVD: CVE-2007-2270

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2270

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-509

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200704-509

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-003751

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-25632

PATCH

title:

Linksys

url:

http://home.cisco.com/en-apac/home

Trust: 0.8

sources: JVNDB: JVNDB-2007-003751

EXTERNAL IDS

db:	NVD	id:	CVE-2007-2270	Trust: 2.5
db:	BID	id:	23619	Trust: 2.0
db:	SECUNIA	id:	25031	Trust: 1.8
db:	EXPLOIT-DB	id:	3791	Trust: 1.7
db:	EXPLOIT-DB	id:	3792	Trust: 1.7
db:	VUPEN	id:	ADV-2007-1532	Trust: 1.7
db:	SECTRACK	id:	1017957	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-003751	Trust: 0.8
db:	CNNVD	id:	CNNVD-200704-509	Trust: 0.7
db:	XF	id:	941	Trust: 0.6
db:	XF	id:	33856	Trust: 0.6
db:	MILW0RM	id:	3792	Trust: 0.6
db:	MILW0RM	id:	3791	Trust: 0.6
db:	FULLDISC	id:	20070424 LINKSYS SPA941 REMOTE DOS WITH \377 CHARACTER	Trust: 0.6
db:	VULHUB	id:	VHN-25632	Trust: 0.1
db:	PACKETSTORM	id:	56231	Trust: 0.1

sources: VULHUB: VHN-25632 // BID: 23619 // JVNDB: JVNDB-2007-003751 // PACKETSTORM: 56231 // CNNVD: CNNVD-200704-509 // NVD: CVE-2007-2270

REFERENCES

url:	http://lists.grok.org.uk/pipermail/full-disclosure/2007-april/053959.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/23619	Trust: 1.7
url:	http://www.securitytracker.com/id?1017957	Trust: 1.7
url:	http://secunia.com/advisories/25031	Trust: 1.7
url:	https://www.exploit-db.com/exploits/3791	Trust: 1.1
url:	https://www.exploit-db.com/exploits/3792	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/1532	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/33856	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2270	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2270	Trust: 0.8
url:	http://www.milw0rm.com/exploits/3792	Trust: 0.6
url:	http://www.milw0rm.com/exploits/3791	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/33856	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/1532	Trust: 0.6
url:	http://www.linksys.com	Trust: 0.3
url:	http://www.linksys.com/servlet/satellite?c=l_product_c2&childpagename=us%2flayout&cid=1139414816993&pagename=linksys%2fcommon%2fvisitorwrapper&lid=1699354250b08	Trust: 0.3
url:	http://madynes.loria.fr	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/14032/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/network_software_inspector/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/25031/	Trust: 0.1

sources: VULHUB: VHN-25632 // BID: 23619 // JVNDB: JVNDB-2007-003751 // PACKETSTORM: 56231 // CNNVD: CNNVD-200704-509 // NVD: CVE-2007-2270

CREDITS

Radu State state@loria.fr

Trust: 0.6

sources: CNNVD: CNNVD-200704-509

SOURCES

db:	VULHUB	id:	VHN-25632
db:	BID	id:	23619
db:	JVNDB	id:	JVNDB-2007-003751
db:	PACKETSTORM	id:	56231
db:	CNNVD	id:	CNNVD-200704-509
db:	NVD	id:	CVE-2007-2270

LAST UPDATE DATE

2025-04-10T23:11:37.977000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-25632	date:	2017-10-11T00:00:00
db:	BID	id:	23619	date:	2007-04-24T17:10:00
db:	JVNDB	id:	JVNDB-2007-003751	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200704-509	date:	2007-04-26T00:00:00
db:	NVD	id:	CVE-2007-2270	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-25632	date:	2007-04-25T00:00:00
db:	BID	id:	23619	date:	2007-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2007-003751	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	56231	date:	2007-05-02T02:17:18
db:	CNNVD	id:	CNNVD-200704-509	date:	2007-04-25T00:00:00
db:	NVD	id:	CVE-2007-2270	date:	2007-04-25T20:19:00