- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
VoIP customers of Avaya, Cisco and Nortel should look Wednesday for patches that correct newly found vulnerabilities that, if exploited, can result in remote code execution; unauthorized access; denial of service; and information harvesting.
The vulnerabilities were found by VoIPshield Laboratories and reported earlier to the three vendors in order to give them time to develop patches for the flaws, says Rick Dalmazzi, president and CEO of VoIPshield. Details of the vulnerabilities and the vendor responses are scheduled to be released Wednesday at noon Eastern time. Dalmazzi would not reveal more details because his company and the affected VoIP vendors agreed to a simultaneous announcement.
He says he believes two of the three vendors will have patches available Wednesday and the third will issue an advisory.
The vulnerabilities found affect voice servers -- VoIP PBXes -- and softphone software that runs on laptops and desktops, Dalmazzi says. (Compare IP PBX products.)
VoIPshield ranks most of the vulnerabilities found as either critical or high, the two most severe rankings on its four-step scale.
Avaya, Cisco and Nortel were chosen for vulnerability testing because they represent the bulk of IP PBX sales in North America, Dalmazzi says. The company has included Microsoft in its next round of testing, the results of which will come out in about four months.
VoIPshield Systems makes VoIP vulnerability testing software as well as an intrusion-prevention system designed for VoIP.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
The Foundry Enterprise Advantage
Foundry Networks, Inc. (NASDAQ: FDRY) is a leading provider of high-performance enterprise and service provider switching, routing, security and Web traffic management solutions. Foundry's customers include the world's premier ISPs, metro service providers, and enterprises.
For further information on Foundry Networks please click here.
Leveraging the Advantages
of a Multi-vendor Network Strategy
Today's enterprise network provides more than simply a technology infrastructure. It's an enabler for the enterprise, supporting mission critical applications, creating operational efficiencies and increasing productivity gains. Foundry Networks provides the ideal foundation for a multi-vendor network.
Click here to view whitepaper!
Comments (6)
VoIP Vulnerabilities versus Voice VulnerabilitiesBy Rick J on June 26, 2008, 11:21 pmClearly, it's important to find/fix vulnerabilities in VoIP applications. At the same time, there are a number of important and active risks posed by voice networks...
Reply | Read entire comment
VoIP Vulnerabilities versus Voice VulnerabilitiesBy Rick J on June 26, 2008, 7:20 pmClearly, it's important to find/fix vulnerabilities in VoIP applications. At the same time, there are a number of important and active risks posed by voice networks...
Reply | Read entire comment
i cant find anything about this on CCO; did anything transpire?By Anonymous on June 25, 2008, 7:43 pmi cant find anything about this on CCO; did anything transpire?
Reply | Read entire comment
so were is the annoucementBy Anonymous on June 25, 2008, 7:39 pmSo were is the noon annoucement
Reply | Read entire comment
Today is the day!By Anonymous on June 25, 2008, 3:50 pmThe announcement is only minutes away...I wonder if any of the big-name companies will be in the news this week (if they don't patch). A link to this article can...
Reply | Read entire comment
View all comments