If you run a NMAP network scan against the IP of the phone server, it will crash the Altigen's Gateway service, rendering the system useless until rebooted. All information saved in the phone system at the time is lost. Port 5061 crashes due to HEAP Overflow. Following message: Application popup: Microsoft Visual C++ Debug Library : Debug Error! Program: C:\AltiServ\Exe\altigateway.exe HEAP CORRUPTION DETECTED: after Normal block (#13414021) at 0x08E1C270. CRT detected that the application wrote to memory after end of heap buffer. Specifics: ANY workstations running NMAP on the LAN with knowledge of the phone system's IP address. Special permissions are not needed. Crash occurs with 15 seconds of scanning on a 100 Mb line. Exploitation: This is remotely exploitable from anywhere on the Internet with access to ANY Altigen service port. Platform: Windows Server 2008, fully updated, firewall enabled with ports opened for Altigen services. Solution: Vendor is releasing patch for this issue in next revision. Binding outbound traffic to just PRI/Trunk seems to mitigate the issue.
