CyTRAP Labs - advisory - Versatel, Vivendi and Tele2 - vulnerability fixed

A while back (2006-10-04) we published this story:

CyTRAP Labs - advisory - Versatel, Vivendi and Tele2 - fixed-line and broadband customers - vulnerability

It reported a vulnerability affecting Tele 2 customers. A malicious user in the affected countries could exploit the vulnerability to:

- shut down the affected party's Internet services,
- turn off telephone services, and
- cause more havoc for the unsuspecting Tele 2 customer.

_Disclosure Timeline_

2006-09-15 - Vulnerability reported to vendor - acknowledged receipt of email
2006-09-19 - Workaround released to CyTRAP Labs customers
2006-09-28 - Vulnerability reported 2nd time to vendor - phone call
2006-10-04 - Coordinated public release of advisory
2006-10-06 - Vendor starts fixing vulnerability
2006-11-02 - Vendor advises about fix of vulnerability
2006-11-13 to 23 - Tests by vulnerability researchers
2006-12-21 - Tests closed - the patch closed this security gap effectively

_Credit_

This vulnerability was discovered by various researchers who wish to remain anonymous. Tele 2 was responsible for getting the vulnerability fixed.

_About CyTRAP Labs_

CyTRAP Labs follows a collaborative model whereby researchers may disclose vulnerabilities to us and we contact vendors or coordinate work-around solutions.

_Lessons Learned_

Tele 2 is in the process of improving its reporting capabilities for vulnerabilities that relate to its products/services in the

- 15 countries where it provides Internet services and the
- 23 countries where it offers telephony services.

CyTRAP Labs is trying to encourage its colleagues (often employed by large organizations) who report this kind of vulnerability to us to continue with their work. We also ask them, after the vendor has released a patch, to please:

- conduct their tests in a more timely and systematic fashion, thereby
- empowering CyTRAP Labs to inform its constituencies including the affected vendor faster.

We apologize for this delay.
