Cisco iPhone crashed by Nmap

[Fyodor <fyodor () insecure org>]

The Inquirer has an article[1] which mentions reports that some Cisco
iPhones crash from a simple Nmap port scann.  The CVE entry is at [2].
The slightly amusing part is reading Cisco trying to defend this
crashing behavior.  From the article:

  There is more amiss with Cisco's cherished Iphones. Hemel discovered
  a security leak in another type, the WIP330. This one runs Windows and a
  simple port scan can send it crashing. Hemel pointed it out to Linksys
  in November. And again, he never heard from the company. Meanwhile the
  bug got published on the well browsed CVE web site.

  Asked also to comment on this issue, Linksys came back with a flat
  denial. "This only occurs when the user runs an nmap on the LAN. It
  causes the phone to reboot. Whilst this is a security issue, it is
  not considered critical, as most WIP330 deployments run behind a
  NAT, which makes it impossible for this problem to happen. The issue
  will only occur in LAN environments (running the application on the
  same LAN as the WIP330) or if the WIP330 uses a public address,
  which is very unlikely."

  Rubbish, says Hemel. "That phone is advertised on their own website
  as good for use in public hotspots."

Cheers,
Fyodor

[1] http://www.theinquirer.net/default.aspx?article=36990
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6411

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org