Date: Wed, 20 Oct 1999 19:40:31 +0200 From: Aviram Jenik <aviram@SECURITEAM.COM> Subject: DoS in Eicon ISDN Modem is now fixed To: BUGTRAQ@SECURITYFOCUS.COM Hi. Björn Stickler has reported a DoS attack on Eicon ISDN modems. I have a short update on this matter, which will probably be interesting for Eicon customers. A short recap: Björn wrote about a possible Denial-of-Service attack on the Diva Lan ISDN modem by accessing a certain URL the mode can't handle. We have contacted Eicon, and they informed us of the following: 1. In the default configuration this attack can only be performed from the local network, and *not* from the Internet. 2. Eicon has released a new firmware which fixes this issue completely. New versions of the Diva Lan modem are already shipped with the new firmware, and current users can download the new firmware from Eicon's web site. Thumbs up to Eicon for their quick response on this matter. A description of this problem and correction is available at: http://www.securiteam.com/exploits/Eicon_s_ISDN_Modem_is_vulnerable_to_a_Den ial-of-Service_attack.html ------------------------- Aviram Jenik SecuriTeam http://www.securiteam.com