[Freeswitch-users] faxploit
Brian West
brian at freeswitch.com
Tue Aug 25 17:06:39 UTC 2020
Spoke with Steve,
He says:
What is described there does not appear to be a problem with the FAX
protocol, even though the text says it is. They refer to problems
handling DHT (define huffman table) and COM (comment) sections when they
are used incorrectly. Those are tags in JPEG images. It looks like that
are talking about an issue with JPEG decoders that don't allow for
certain types of corrupt image, and the exploit would be specific to
particular models of FAX machines. The problem would be in the JPEG
decoder itself. Spandsp calls the system's JPEG library to do that
decoding. Any flaw that might exist would be in that system's JPEG library.
Regards,
Steve
On Mon, Aug 24, 2020 at 4:14 AM mayamatakeshi <mayamatakeshi at gmail.com>
wrote:
> Hi,
>
> *Check Point researchers have discovered a vulnerability in the ITU T.30
> fax protocol that could be hacked to launch a cyberattack and gain access
> to a network.*
>
>
> https://www.healthcareitnews.com/news/fax-machines-can-be-hacked-breach-network-using-only-its-number
>
> The phrase above indicates a flaw in the T.30 protocol itself and not in
> particular implementations.
> This is from 2018.
> I don't remember reading anything about this in the fs mailing list.
>
> Was freeswitch/spandsp audited to ensure application rxfax is safe?
>
> https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/
>
>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
--
Brian West | Co-founder and Developer
Need Commercial support? email sales at freeswitch.com
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
<https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
Email: brian at freeswitch.com
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
[image: https://www.facebook.com/signalwireinc?src=email]
<https://www.facebook.com/freeswitch> [image:
https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20200825/2664df8c/attachment.html>
More information about the FreeSWITCH-users
mailing list