Firmware/V8 9 3 70

From Snom User Wiki

Jump to: navigation, search

Contents

Security Rollup: 8.9.3.70 - November 2017

Please note: This Security Rollup here and the release 8.9.3.60 from May 2017 are superseded by Service Pack 1: 8.9.3.80 - December 2017.
We suggest updating to SP1 - 8.9.3.80 which includes the security improvements to this Rollup of course and most recent ones.

Security Rollup: 8.9.3.70 is a hotfix release for Snom desktop phones primarily focused to address the exploit KRACK WPA2 Key Reinstallation Attack
Therefore it is highly recommended for Snom desktop phones connecting to a WLAN via WLAN USB stick! For phones deployed without WLAN, there is no compulsory need for action regarding KRACK

 NOTE: 
 * Please make sure you read ALL of the information below before installing the software on your device. 
 * This software is BETA software and has been QA tested with focus on security fixes as below. But its not been fully QA tested & approved. Install at your own risk.
 * Please install and test the software in your environment before mass deployment.
 * This software is only intended to be installed in test environments.
 * Read and follow our security advisories.
 * This release does NOT directly include the OpenVPN feature in firmware file anymore. If you wish to use this feature
please make sure you understand all security implications and follow this link after installing the software.

Download Links & Installation

Please make sure you have read the below information (release notes & known issues before installing this software on your device.

Firmware images

The following models are supported with this firmware. Please note: for all other models firmware maintenance is continued in Firmware Branch 8.7.5.x. :

 Important upgrade/downgrade instructions:
 * Any phone running an 8.9.3.x or higher firmware should not be downgraded to a version below 8.7.5.44.
 * This may lead to a deadlock situation where the firmware works, but the phone cannot be updated anymore at all!
 * All versions lower than 8.7.5.44 are affected by this update procedure issue.
 * Only option left to get out from such deadlock situation is to use the network recovery procedure as described in our support How-to
 * If the downgrade is mandatory, use the 8.7.5.44 as an intermediate firmware downgrade step, before you finally install the desired/known as affected version!
 * Please note: if you experience the deadlock situation do not open an RMA case, as this is not a hardware/flash issue! 

Snom D3x5 series

Phone Model File Size SHA256 Checksum File Name
snomD375 ~ 30M 65e3408ff8953c02f875972022a7c693e029baeba5631d00cfc028b468440719 snomD375-8.9.3.70-SIP-r.bin
snomD345 ~ 25M 9fe741e33a9fee894c4153efb7068ae36cc7bbc1b445230ecbbeec6f6a0c34d7 snomD345-8.9.3.70-SIP-r.bin
snomD315 ~ 25M c90e72126262744edf2755c0610f3cc66eb568754c6e54852227a1d5a3766251 snomD315-8.9.3.70-SIP-r.bin
snomD305 ~ 23M 2225309186994d21df4f27b8c7e8efa037e2553ac74b9cfdb42b194e23b37aa0 snomD305-8.9.3.70-SIP-r.bin

Snom D7x5 series

Phone Model File Size SHA256 Checksum File Name
snomD765 ~ 29M bdc0aaf3f06f51e4c3197fd1f2e027c90e37c955333648adf2d0b53efae36580 snomD765-8.9.3.70-SIP-r.bin
snomD745 ~ 25M e2c7f0ad04023e06da5d42229f355bad47784da312a875bb2dcb891d5ac784c9 snomD745-8.9.3.70-SIP-r.bin
snomD725 ~ 23M ccad40925fdd86943082ec2becbaa9bdcc0221293484e612c67539461bfb6785 snom725-8.9.3.70-SIP-r.bin
snomD715 ~ 23M a42b87771736b24d2653a10839547d8c1f120a968f635d439d0b8bbbb4c0da23 snom715-8.9.3.70-SIP-r.bin

Snom 7x0 series

Phone Model File Size SHA256 Checksum File Name
snomD710 ~ 13M 57b65958d5987f36b996c12cf6ff9592041b3ac3e916a907f62f8b5bbfeec976 snom710-8.9.3.70-SIP-r.bin
snomD712 ~ 21M 926a2019e53670b0c2c98a6233b8496cda58014914f04af6459017c66bc9dd2a snomD712-8.9.3.70-SIP-r.bin
snom720 ~ 22M b14775a61de82d768ad3df2c2176543319c538868b69bb4336df9bbc93513e59 snom720-8.9.3.70-SIP-r.bin
snom760 ~ 27M 13388c4361b6b758624c423effe8c8b29e1747f492043a0079a7cd1189207976 snom760-8.9.3.70-SIP-r.bin

VPN Feature

Since Firmware version 8.7.5.17 the VPN feature is no longer shipped with the default firmware due to security considerations. If you want to enable the VPN feature you have to install the VPN patch, following the download links.

Important notes about the VPN feature:

  • a network recovery will remove the VPN feature
  • starting with fw version 8.9.3.20 the VPN patch version must be aligned with the phone firmware
  • if the VPN patch is installed when you update the phone updating the VPN patch is not needed

Snom D3x5 series

Phone Model File Size SHA256 Checksum File Name
snomD375 ~ 228K 6b80c661f0173e08ac1e800db3e55c6b663f61257c842c0a749a8663cdb71e17 snomD375-8.9.3.70-vpnfeature-r.bin
snomD345 ~ 228K cc895d1a39081fc2b60846e41e689174d5dd1d8c9d3c3fb8383dfb16cb53bfdd snomD345-8.9.3.70-vpnfeature-r.bin
snomD315 ~ 228K 29e1802a84be2ef150ae4ef6206602ec7ed2a6bcd199ca65fea6c6a361a93b96 snomD315-8.9.3.70-vpnfeature-r.bin

Snom D7x5 series

Phone Model File Size SHA256 Checksum File Name
snomD765 ~ 228K 5c2c7edab3d8e667c745d7a48283cc1edea80ea2ae4dfdd45bb7404e033c52da snomD765-8.9.3.70-vpnfeature-r.bin
snomD745 ~ 228K 295a7d181214eff75d9125db2905be2e269073fa3b1b0ca393a0b20f103820d9 snomD745-8.9.3.70-vpnfeature-r.bin
snomD725 ~ 228K 50344bc86d58c5336a5428835201bd3577410dd84174c9c5c39ed2162faca24f snom725-8.9.3.70-vpnfeature-r.bin
snomD715 ~ 228K 7b9ac9602405db91e1a50c33cbe2db2191d007aa43354478db7bd59f584a9e56 snom715-8.9.3.70-vpnfeature-r.bin

Snom 7x0 series

Phone Model File Size SHA256 Checksum File Name
snomD710 ~ 256K 8dcc797faf903150aeb66eaf1a9af5ac4c5dca016c756cb473b12e3a82324ce7 snom710-8.9.3.70-vpnfeature-r.bin
snomD712 ~ 228K f55b5fe15bbdd76ff6ad9da58db1ebfc2db056a6f40d5bd85579e2c75ece8b9d snomD712-8.9.3.70-vpnfeature-r.bin
snom720 ~ 228K 2ef7c084f4fbc0a099638420852f8aed6c445a908a55323895be2069b975ebe4 snom720-8.9.3.70-vpnfeature-r.bin
snom760 ~ 228K 7b8dca21e364f53a90ae3692e3a1315b7a76172e3aaf8bcc235d1ecdcf0a6d48 snom760-8.9.3.70-vpnfeature-r.bin

Customisation files

In the following links you can find all the internal files that can be customised via Branding, via the <uploads> provisioning tag and the default language XML files.

Snom D3x5 series

Phone Model File Size SHA256 Checksum File Name
snomD375 ~ 2.5M 4cfe9a4cf34d04d8bdb2be058184d79b6e4c298eb3df08954e889a9a634f9896 snomD375-8.9.3.70-customizing.tar.gz
snomD345 ~ 1004K ba35f13007e2f2d081ae8debb3dc936f0993ee3fb831b0db71596e4c0956b570 snomD345-8.9.3.70-customizing.tar.gz
snomD315 ~ 1004K 700971863b7e189315c0dc429a992babffd86bafd1b2f02e63c5f06a1757597d snomD315-8.9.3.70-customizing.tar.gz
snomD305 ~ 1004K e9a6b437f89d03f736bcde59b3cdd856e82fef1945c0e74e14ac71ed30e9664b snomD305-8.9.3.70-customizing.tar.gz

Snom D7x5 series

Phone Model File Size SHA256 Checksum File Name
snomD765 ~ 1.4M f57d715284271005c54aa52e666198d7bcd2aa6c96653d29159df0956e8829d5 snomD765-8.9.3.70-customizing.tar.gz
snomD745 ~ 1004K 943d53d8b01a00ea05554d3fc78ad92e109ea22b6e877ed444191a15b528498e snomD745-8.9.3.70-customizing.tar.gz
snomD725 ~ 976K 788231b4d5df97f76d8b05a68241337a62c0e427bb1142f51b91bb51957533cb snom725-8.9.3.70-customizing.tar.gz
snomD715 ~ 976K 8be9b8f12c8feb323c7e2e1892f0d11f3cd19a40bd792c334e18e92cc5c2d8be snom715-8.9.3.70-customizing.tar.gz

Snom 7x0 series

Phone Model File Size SHA256 Checksum File Name
snomD710 ~ 976K 14d6965ecc7ef45fd560a2440e1fb44f3d6cd02a1f44344efe3e37136025d7fd snom710-8.9.3.70-customizing.tar.gz
snomD712 ~ 976K 71928348ab8c69c14fe44445ecdf3f0be6cf7269845d9d7e999930b929eca98b snomD712-8.9.3.70-customizing.tar.gz
snom720 ~ 976K a5f1404212661d389e8adf2b425497c3942ba3aab8b07364758390b8f2e4ed28 snom720-8.9.3.70-customizing.tar.gz
snom760 ~ 1.4M 1a015d837083fac69d9bb5a638b43395872d7bbbefdb0414dd5790a7f47874cf snom760-8.9.3.70-customizing.tar.gz

Installation Instructions

Right-click on the appropriate link for your device and choose Copy shortcut:

Open the Web User Interface and navigate to the Software Update page

Paste the link into the Firmware field

Web User Interface -> Software Update -> Firmware

Press Load

--> The Device reboots and starts the software update.

Note: Do not disconnect the power at any time during this process!

Check your firmware version afterwards

Release Notes

The list below describes the security-related changes starting with 8.9.3.61

Fixes:

-=Security=-

REFERENCE-ID TYPE DESCRIPTION
SAP-1836 FIX: WPA2 patched against KRACK WPA 2 exploit
SAP-1653 FIX: MD5 value set on user_hash is now treated as secret as user_pass
Please note: general Web User Interface protection improvement is strongly recommended e.g. in strict accordance with FAQ:How_do_I_secure_my_phone
SAP-1346 FIX: TR-069 port (7547) is now closed if TR-069 is not used
SAP-568 FIX: The lock symbol in display indicating an SIPS/SRTP secured call remained after call was ended, or when SRTP switched to RTP during a call, e.g. in receiving not encrypted MoH

Known issues

The following is a list of issues that are known to appear with this release. Please DO NOT open support tickets reporting these issues.

   General
               SCPP-6299 Replacing handset does not immediately return phone to idle when remote is busy
               SCPP-6317 Phone shows ethernet disconnect warning when W-Lan is in use
               SCPP-6351 Headset Jabra Pro 935 via USB: headset can end incoming calls only by pressing the headset button twice (works with snom EHS Advanced)
   D715/D725
               SCPP-6334 D715 & D725: ignores volume parameter from multicast setting: mc_address
   710
               SAP-220   710: holding reminder heard by connected party
   Allnet WLAN SCPP-7671 WLAN stick Allnet ALL0233DB doesn't work anymore with IPv6

Support

If you have any issues with the firmware please do the following:

  • If the issues massively affect the service please downgrade back to the software version you were using before
  • As an end-user please contact your reseller or post your question in the Snom forum
  • As a VAR please open a support ticket on out helpdesk


 About the logo used for the KRACK attack:
 Author: Mathy Vanhoef
 Is used as on the https://www.krackattacks.com/ website
 This file is licensed under the Creative Commons Attribution-Share Alike 4.0 International license.
Personal tools
Interoperability