Info from Cisco:


This has been resolved in the latest versions of the software.


(1) Short problem description:

When using the 'ping' command from the phone, the payload in the outgoing echo request packets contains data from the phone's memory.

(2) Longer problem description (what happens):

When using the 'ping' command from the phone, the payload in the outgoing echo request packets contains data from the phone's memory, which may contain previously typed commands (including passwords). This is hardly a problem in normal usage, but when debugging I guess it would be convenient to be able to ping from phones over untrusted networks without disclosing this kind of information.

(3) Possible solution (what did you expect):

Actively set the payload to something harmless.

(4) How to reproduce (if possible / applicable):

Log on to the phone (telnet), type some commands, and then ping some
remote host and sniff the packets. For example:

lur> just testing if this will end up in a ping packet
just: Command not found.
lur> ping 192.168.1.1
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds
lur> !!!!!
 Success Rate 100 percent (5/5)

One of the resulting echo requests:
12:07:35.473310 192.168.1.2 > 192.168.1.1: icmp: echo request
  0000: 4500 0080 3e14 0000 4001 777c 82ed 5fe7  E...>...@.w|.í_ç
  0010: 82ed 5f2b 0800 48a6 0001 0004 6a75 7374  .í_+..H¦....just
  0020: 2074 6573 7469 6e67 2069 6620 7468 6973   testing if this
  0030: 2077 696c 6c20 656e 6420 7570 2069 6e20   will end up in
  0040: 6120 7069 6e67 2070 6163 6b65 7400 ca82  a ping packet.Ê.
  0050: 0030 0000 ffff ffff ffff ffff ffff ffff  .0..ÿÿÿÿÿÿÿÿÿÿÿÿ
  0060: ffff ffff ffff ffff ffff ffff ffff ffff  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  0070: ffff ffff ffff ffff ffff ffff e75f ed82  ÿÿÿÿÿÿÿÿÿÿÿÿç_í.

(5) Workaround used currently (if applicable):

Avoid the 'ping' command.

(7) Would you classify this as:

(A) Bug/malfunction: Can not deploy before fixed.

(8) What software version

P0S3-05-1-00

(9) Contact information

Andreas Östling <andreaso@SPAM.it.su.se>

(11) Report:

Date: Thu, 24 Jul 2003 22:10:18 +0200 (CEST)
Message-ID: <Pine.BSO.4.53.0307242155520.31601@nitzer.it.su.se>
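
A defender-side check for the leak described in this report, as an added example that is not part of the original report or of Cisco's code: it extracts the data field of a captured IPv4 ICMP echo request and lists printable-ASCII runs that are not a constant or counter-style fill. The function names, the 6-byte threshold and the sample packets are assumptions constructed for illustration.

```python
import re
import struct

MIN_RUN = 6  # assumed threshold: shortest printable run worth reporting


def icmp_echo_payload(packet: bytes):
    """Return the data field of an IPv4 ICMP echo request, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None  # bad header, not ICMP, or truncated
    if packet[ihl] != 8 or packet[ihl + 1] != 0:
        return None  # only echo requests (type 8, code 0)
    return packet[ihl + 8:]  # skip type, code, checksum, id, sequence


def is_fill(run: bytes) -> bool:
    """True for a constant or counter-style (each byte = previous + 1) run."""
    steps = {(b - a) & 0xFF for a, b in zip(run, run[1:])}
    return steps <= {0} or steps <= {1}


def leaked_strings(packet: bytes, min_run: int = MIN_RUN):
    """List printable-ASCII runs in an echo payload that are not plain fill."""
    payload = icmp_echo_payload(packet)
    if payload is None:
        return []
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_run)
    return [m.group().decode("ascii") for m in pattern.finditer(payload)
            if not is_fill(m.group())]


def build_echo_request(payload: bytes, proto: int = 1) -> bytes:
    """Constructed sample packet; checksums are left at 0 (parser ignores them)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64,
                     proto, 0, bytes([192, 168, 1, 2]), bytes([192, 168, 1, 1]))
    return ip + struct.pack("!BBHHH", 8, 0, 0, 1, 4) + payload


# Constructed payloads: one modelled on the capture above, one counter fill.
LEAKY = b"just testing if this will end up in a ping packet\x00" + b"\xff" * 40
CLEAN = bytes(range(0x10, 0x48))

if __name__ == "__main__":
    for name, data in (("leaky", LEAKY), ("clean", CLEAN)):
        print(name, leaked_strings(build_echo_request(data)))
```

Payload fills other than constant or incrementing bytes would need their own allow-list entry before running this over real captures.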