• silicon.com
• Technology
• Networks

By Marguerite Reardon, 25 May 2005 08:55

NEWS A software flaw that could crash Cisco's internet protocol phones has been discovered and the networking company has issued a patch to fix the problem.

The flaw, which opens the IP phone service up to denial-of-service attacks, was reported by the National Infrastructure Security Co-ordination Centre, a security research group based in the UK. It gave the Domain Name System (DNS) protocol vulnerability, which also affects other software, a "moderate risk" warning.

The flaw is associated with Cisco IP phones running the DNS protocol. DNS handles the translation of domain names into IP addresses. DNS servers are located throughout the internet to perform this translation and to ensure that IP packets arrive at their proper destinations.

To expedite lookups on DNS servers, log files are often compressed. According to the advisory, the vulnerability is caused by an error that occurs during the decompression of compressed DNS messages. The flaw can be exploited using specially crafted DNS packets containing invalid information in the compressed section of the message. This results in an error in processing on the IP phones, which could cause the phones to malfunction or crash.

In an advisory issued by Cisco, the company said the only products impacted are DNS clients, which run on its IP phones and content-networking products. The security flaw does not appear in products performing DNS server functions or DNS packet inspection. Affected products include Cisco IP Phones 7902/7905/7912; Cisco ATA (Analog Telephone Adaptor) 186/188; and several Cisco Unity Express and Cisco ACNS (Application and Content Networking System) devices.

Cisco has posted a complete list of affected products on its website. It said it has also developed a free software upgrade to fix the problem.

Other vendors also use the DNS protocol in their products, which may also be vulnerable, according to an advisory from the French Security Incident Response Team, or FrSIRT. Users should contact their vendors for more information about affected products and fixes, the group said.

Marguerite Reardon writes for CNET News.com

CNET News.com's Joris Evers contributed to this report