=====================================================================
                                     CERT-Renater

                          Note d'Information No. 2007/VULN130
_____________________________________________________________________

DATE                      : 21/03/2007

HARDWARE PLATFORM(S)      : CISCO Phone 7940.

OPERATING SYSTEM(S)       : Cisco IP Phone 7940/7960 SIP firmware.

======================================================================

Document ID: 87392


http://www.cisco.com/warp/public/707/cisco-sr-20070320-sip.shtml

Revision 1.0

For Public Release 2007 March 20 2230 UTC (GMT)

- ---------------------------------------------------------------------

Cisco Response
==============

This is Cisco PSIRT's response to the statements made by Radu State
in his message titled:

CISCO Phone 7940 DOS vulnerability

posted on 2007 March 20 0630 UTC (GMT).

The original email is available at:

http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053070.html

Cisco has confirmed the findings of the statements made. Cisco IP
Phone 7940/7960 SIP firmware version 7.4(0) is vulnerable to the
denial of service. Firmware version 8.6(0) is not vulnerable to this
issue. The latest firmware images for Cisco IP 7940/7960 phones can
be obtained here:

http://www.cisco.com/pcgi-bin/tablebuild.pl/sip-ip-phone7960

We would like to thank Radu State, Humberto J. Abdelnur and Olivier
Festor of the Madynes research team at INRIA for reporting these
issues to Cisco Systems.

We greatly appreciate the opportunity to work with researchers on
security vulnerabilities, and welcome the opportunity to review and
assist in product reports.

Additional Information
======================

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.

Revision History
================

+---------------------------------------+
| Revision |               | Initial    |
| 1.0      | 2007-March-20 | public     |
|          |               | release.   |
+---------------------------------------+

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices.  All Cisco security advisories are available at
http://www.cisco.com/go/psirt.

======================================================================

            =========================================================
            Les serveurs de référence du CERT-Renater
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================