[VOIPSEC] RTP-borne virus examples?
Ari Takanen
art at codenomicon.com
Thu Dec 1 21:03:28 CST 2005
Hello all,

Well in most cases when our Codenomicon RTP test tool is used in
development, it will actually try to ensure that there are no
vulnerabilities. Some of our customers might be aware of issues in
commercial products, but I hope those will also be fixed before any
public disclosure. We are trying hard NOT to have a huge amount of
publicly known issues, but to be proactively eliminating the flaws
before anyone knows them. And I think we have been pretty successful
in VoIP ever since our work at the PROTOS project.

But to the original question: RTP has all the same issues as any other
protocol, including a wide variety of denial of service, memory leakage,
boundary values, buffer overflows; and worms, viruses, and trojans can
abuse these. We are working with the critical infrastructure players
and the industry to get those vulnerabilities fixed. If someone really
wants to open up old wounds, take the PROTOS test-suite and run it
against any 2+ year old VoIP product.

I cannot, and I do not want to talk about problems we know in
commercial products. We will at some point also work with the open
source community to get those projects fixed, but the problem there is
that you cannot fix open source "quietly", and that there usually are
no quality assurance people in those projects. Evil-doers will
immediately notice the issues when they are fixed or published in any
other manner. But we have done that with other critical open source
projects in the past, such as Apache and OpenSSL, with the good help
of the NISCC (UK government) and the Redhat team. We know that many of
you depend on those pieces of software also, and it is good to see
that some organizations dedicate time and resources to testing those
open source systems.

Note also that we also support robustness testing and security
analysis of SIP, Sigcomp, RTP, RTCP, MGCP, H.323, H.248, MPLS, and
many other protocols used in IMS and VoIP infrastructure.

So update the software on your phones regularly!

/Ari

On Thu, Dec 01, 2005 at 05:26:08PM +0100, THABARET Frederic ROSI/DAS wrote:
>
> Codenomicon sells an RTP test tool http://www.codenomicon.com/products/telecommunications/rtp/
> I understand that if this product is useful they might have found vulnerable RTP implementations. Vulnerable implementations could then be the origin of attacks.
> If someone has heard of an RTP vulnerability I would also be very interested to discover it.
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On behalf of John Todd
> Sent: Monday 28 November 2005 06:26
> To: Voipsec at voipsa.org
> Subject: [VOIPSEC] RTP-borne virus examples?
>
>
> Has anyone seen any "wild" virii transmitted via RTP? I have heard of the theoretical transmission of such viruses and heard rumors about them, but have yet to see one for myself. I would be interested in any references or documentation of such items, and what (if anything) is being done on any edge devices to counter the threat.
>
> Apologies if I'm far behind the times on this type of thing and there is an obvious list that Google simply did not show; I don't often keep track of client-side virus issues.
>
> JT
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
--
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
Ari Takanen Codenomicon Ltd.
ari.takanen at codenomicon.com Kaitovayla 1
tel: +358-40 50 67678 FIN-90570 Oulu
http://www.codenomicon.com Finland
PGP: http://www.codenomicon.com/codenomicon-key.asc
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
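
The boundary-value and buffer-overflow classes named in the message above, seen from the receiving side, as an added example (not part of the original post and not Codenomicon or PROTOS code): a C routine that checks every length-bearing RTP header field defined in RFC 3550 against the datagram size before using it. The names `rtp_validate` and `rtp_view` and the two sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Where the payload sits in a validated RTP datagram (RFC 3550, section 5.1). */
struct rtp_view { uint8_t pt; uint16_t seq; size_t payload_off, payload_len; };

/* Returns 0 if every length field stays inside the datagram, -1 otherwise. */
int rtp_validate(const uint8_t *pkt, size_t len, struct rtp_view *out)
{
    if (!pkt || !out || len < 12) return -1;     /* fixed header is 12 bytes */
    if ((pkt[0] >> 6) != 2) return -1;           /* version field must be 2 */

    size_t off = 12 + 4u * (pkt[0] & 0x0F);      /* CC field: 0..15 CSRC entries */
    if (off > len) return -1;                    /* CSRC list runs past the end */

    if (pkt[0] & 0x10) {                         /* X bit: extension header */
        if (len - off < 4) return -1;            /* no room for its 4-byte head */
        size_t ext = (((size_t)pkt[off + 2] << 8) | pkt[off + 3]) * 4;
        off += 4;
        if (ext > len - off) return -1;          /* declared length too large */
        off += ext;
    }

    size_t pad = 0;
    if (pkt[0] & 0x20) {                         /* P bit: last octet = pad count */
        pad = pkt[len - 1];
        if (pad == 0 || pad > len - off) return -1;
    }

    out->pt = pkt[1] & 0x7F;
    out->seq = (uint16_t)((pkt[2] << 8) | pkt[3]);
    out->payload_off = off;
    out->payload_len = len - off - pad;          /* cannot underflow after checks */
    return 0;
}

/* Constructed samples: a well-formed packet, and one whose CC field claims 15 CSRCs. */
static const uint8_t ok_pkt[] = {0x80,0x00,0x00,0x01, 0,0,0,0xA0, 0xDE,0xAD,0xBE,0xEF, 1,2,3,4};
static const uint8_t bad_cc[] = {0x8F,0x00,0x00,0x02, 0,0,0,0xA0, 0xDE,0xAD,0xBE,0xEF, 1,2,3,4};

int main(void)
{
    struct rtp_view v;
    return (rtp_validate(ok_pkt, sizeof ok_pkt, &v) == 0 &&
            rtp_validate(bad_cc, sizeof bad_cc, &v) == -1) ? 0 : 1;
}
```
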