EUIST

Just another ComMetrics – social media monitoring, best metrics, marketing metrics weblog

CyTRAP Labs – advisory – Versatel, Vivendi and Tele2 – vulnerability fixed

December 21st, 2006

Remember a while back (2006-10-04) we had this story

CyTRAP Labs – advisory – Versatel, Vivendi and Tele2 – fixed-line and broadband customers – vulnerability

that reported a vulnerability affecting Tele 2 customers. A malicious user in the affected countries could exploit it to:

– shut down the affected party's Internet services,
– turn off telephone services, and
– cause more havoc for the unsuspecting Tele 2 customer.

_Disclosure Timeline_

2006-09-15 – Vulnerability reported to vendor – acknowledged receipt of email
2006-09-19 – Workaround released to CyTRAP Labs customers
2006-09-28 – Vulnerability reported 2nd time to vendor – phone call
2006-10-04 – Coordinated public release of advisory
2006-10-06 – Vendor starts fixing vulnerability
2006-11-02 – Vendor advises about fix of vulnerability
2006-11-13 to 2006-11-23 – Tests by vulnerability researchers
2006-12-21 – Tests closed – patch closed this security gap effectively

_Credit_

This vulnerability was discovered by various researchers who wish to remain anonymous. Tele 2 was responsible for getting the vulnerability fixed.

_About CyTRAP Labs_

CyTRAP Labs follows a collaborative model whereby researchers may disclose vulnerabilities to us and we contact vendors or coordinate work-around solutions.

_Lessons Learned_

Tele 2 is in the process of improving its reporting capabilities for vulnerabilities that relate to its products/services in the:

– 15 countries where it provides Internet services, and
– 23 countries where it offers telephony services.

CyTRAP Labs encourages its colleagues (often employed by large organizations) who report this kind of vulnerability to us to continue with their work. We also ask them, once the vendor may have released the patch, to please:

– conduct their tests in a more timely and systematic fashion, thereby
– empowering CyTRAP Labs to inform its constituencies, including the affected vendor, faster.

We apologize for this delay.


