Linksys SPA2102 Phone Adapter ping denial of service
| linksys-spa2102-phoneadapter-ping-dos (41436) |  Low Risk |
Description:
Linksys SPA2102 Phone Adapter is vulnerable to a denial of service, caused by the improper handling of network datagrams. By sending an overly large number of ICMP Echo Requests (Ping), a remote attacker could cause the device to crash.
Platforms Affected:
- Linksys, SPA2102 3.3.6
Remedy:
No remedy available as of August 23, 2008.
Consequences:
Denial of Service
References:
- BugTraq Mailing List, Sun Mar 23 2008 - 22:53:34 CDT, Linksys phone adapter denial of service at http://archives.neohapsis.com/archives/bugtraq/2008-03/0342.html.
- Linksys Web site, SPA2102 at http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1146582254856&pagename=Linksys%2FCommon%2FVisitorWrapper.
- BID-28414: Linksys SPA-2102 Phone Adapter Packet Handling Denial of Service Vulnerability
- CVE-2008-2092: Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet (ping of death). NOTE: the severity of this issue has been disputed since there are limited attack scenarios.
- SA29523: Linksys SPA2102 Phone Adapter Denial of Service
Reported:
Mar 23, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net