Cisco is warning about a DNS vulnerability which could affect Cisco IP phones, Cisco routers, and Cisco ATAs. Cisco issued a patch for a domain name system vulnerability that could put some of its routers and Voice Over IP products at risk for exploits.

According to National Infrastructure Security Coordination Centre, which reported the flaw, the vulnerability could leave some systems open to a Denial-of-Service attack after receiving a specially crafted DNS packet.

NISCC said the exploit targets hosts which use the DNS protocol to resolve names to IP addresses. It said an attacker could craft a DNS packet containing invalid information in the compressed section, which can result in an error in processing on the receiving host. This could cause the device to crash resulting in a denial-of-service.

Cisco said products that could be affected by the flaw are DNS clients, including its 7902/7905/7912 series of IP Phones, its Unity Express and ACNS devices, as well as its ATA (Analog Telephone Adaptor) 186/188 and its series 4400 content routers. In addition it's series 500 and 7300 content engines are at risk from this flaw.

I read in one article that because many vendors include support for this protocol in their products, it is likely they have already issued patches for the vulnerability. As a result, NISCC did not issue a severity rating on the flaw and urged companies to contact the vendors it listed as affected by the vulnerability.

Ok, so what about the hundreds of thousands of Cisco ATAs used by Vonage, Packet8, and other broadband users? These ATAs are typically locked by the VoIP service provider so users have no way of updating the firmware. Only the VoIP service provider can update the firmware. Thus, I sincerely hope Vonage and all the other VoIP players plan on downloading a patched version of the firmware to all of their customers ASAP.

With all the bad news surrounding e911 support within the VoIP industry, we don't need bad press from a major DOS attack on the hundreds of thousands of broadband VoIP users. Imagine if instead of a Vonage or Packet8 outage which occurs perhaps several months apart, we have all of the VoIP providers having an outage all on the same day! Of course, this vision may be a bit apocalyptic with little chance of happening, especially considering Cisco puts out a vulnerability warning every other week..

Still, I wonder now that I've warned about an "apocalyptic VoIP outage" how long it will be before Vonage or another ITSP puts out a press release saying "Vonage takes security and reliability for their customers very seriously and as such we are the proud to announce that we are the first to deploy a patched version of the Cisco firmware which addresses the Cisco DNS DOS vulnerability". Anytime media/PR has a chance to squeeze a lemon into lemonade they will certainly do it.

Courtesy of Russell Shaw, check out the Cisco DOS vulnerability from the horse's mouth:
Cisco Security Notice:Crafted DNS Packet Can Cause Denial Of Service