Vulnerability Note VU#749342

Multiple vulnerabilities in H.323 implementations

Original Release date: 13 Jan 2004 | Last revised: 29 Jul 2009

Overview

A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. Voice over Internet Protocol (VoIP) and video conferencing equipment and software can use these protocols to interoperate over a variety of computer networks. The majority of the vulnerabilities discovered are limited to denial of service impacts; however, several may allow unauthorized code execution.

Description

The U.K. National Infrastructure Security Co-ordination Centre (NISCC) has reported multiple vulnerabilities in different vendor implementations of the multimedia telephony protocols H.323 and H.225. H.323 and H.225 are international standard protocols, published by the International Telecommunication Union, used to facilitate communication among telephony and multimedia systems. Examples of such systems include VoIP or video-conferencing equipment and software deployed on a network or computer. Sending an exceptional ASN.1 element to a vulnerable telephony component that cannot handle it may cause the application or system behavior to become unpredictable.

A test suite developed by NISCC has exposed vulnerabilities in a variety of H.323/H.225 implementations. While most of these vulnerabilities exist in ASN.1 parsing routines, some vulnerabilities may occur elsewhere. Due to the general lack of specific vulnerability information, this document covers multiple vulnerabilities in different H.323/H.225 implementations. Information about individual vendors is available in the Systems Affected section.
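To illustrate the class of ASN.1 parsing check involved, the following added example (not part of the original note and not any vendor's code) decodes the length prefix used by aligned PER, the ASN.1 encoding in which H.225 messages are carried, and rejects an element whose announced length exceeds the bytes actually received. The function name per_read_length and its status codes are hypothetical, the decoder assumes it is positioned on an octet boundary, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum per_status { PER_OK = 0, PER_TRUNCATED = -1, PER_UNSUPPORTED = -2, PER_OVERRUN = -3 };

/* Hypothetical helper: decode an aligned-PER length determinant (X.691 10.9)
 * at buf[*pos] and confirm the announced content fits in the received bytes.
 * On success *pos points at the content and *len holds its length. */
static int per_read_length(const uint8_t *buf, size_t buflen, size_t *pos, size_t *len)
{
    size_t p = *pos, n;

    if (p >= buflen)
        return PER_TRUNCATED;              /* no octet left to read */
    uint8_t first = buf[p++];
    if ((first & 0x80) == 0) {             /* 0xxxxxxx: length 0..127 */
        n = first;
    } else if ((first & 0xC0) == 0x80) {   /* 10xxxxxx xxxxxxxx: 14-bit length */
        if (p >= buflen)
            return PER_TRUNCATED;          /* second length octet missing */
        n = ((size_t)(first & 0x3F) << 8) | buf[p++];
    } else {
        /* 11xxxxxx: fragmented form (16K blocks). This example refuses it
         * rather than reassemble; a full decoder must cap the total size. */
        return PER_UNSUPPORTED;
    }
    /* Compare with the bytes remaining; the subtraction cannot underflow. */
    if (n > buflen - p)
        return PER_OVERRUN;
    *pos = p;
    *len = n;
    return PER_OK;
}

int main(void)
{
    /* Constructed inputs, not captured traffic. */
    const uint8_t ok[]  = { 0x03, 'a', 'b', 'c' };   /* announces 3, carries 3 */
    const uint8_t lie[] = { 0x81, 0x00, 'a', 'b' };  /* announces 256, carries 2 */
    size_t pos = 0, len = 0;
    printf("well-formed: %d\n", per_read_length(ok, sizeof ok, &pos, &len));
    pos = 0;
    printf("overlong:    %d\n", per_read_length(lie, sizeof lie, &pos, &len));
    return 0;
}
```

On failure the function leaves *pos and *len untouched, so a caller can drop the message without having advanced into unvalidated data.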

The U.K. National Infrastructure Security Co-ordination Centre is tracking this vulnerability as NISCC/006489/H.323.

Impact

The impacts associated with these vulnerabilities include denial of service and potential execution of arbitrary code.

Solution

Patch or Upgrade

Apply a patch or upgrade as appropriate. Information about specific vendors is available in the Systems Affected section of this document.

One potential workaround is to make sure ports 1720/tcp and 1720/udp are blocked at network perimeters.

Systems Affected

Vendor                    Status        Date Notified  Date Updated
Check Point               Affected      12 Jan 2004    30 Jan 2004
Cisco Systems, Inc.       Affected      12 Jan 2004    13 Jan 2004
Hewlett-Packard Company   Affected      12 Jan 2004    05 Apr 2004
Intel                     Affected      12 Jan 2004    27 Feb 2004
Microsoft Corporation     Affected      12 Jan 2004    13 Jan 2004
Nortel Networks, Inc.     Affected      12 Jan 2004    13 Jan 2004
Polycom                   Affected      -              29 Jul 2009
RadVision                 Affected      -              13 Jan 2004
TandBerg                  Affected      -              13 Jan 2004
Apple Computer, Inc.      Not Affected  12 Jan 2004    13 Jan 2004
Clavister                 Not Affected  12 Jan 2004    30 Jan 2004
Cyberguard                Not Affected  -              13 Jan 2004
eSoft                     Not Affected  12 Jan 2004    13 Jan 2004
Foundry Networks Inc.     Not Affected  12 Jan 2004    30 Jan 2004
Hitachi                   Not Affected  12 Jan 2004    13 Jan 2004

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

The CERT Coordination Center thanks the NISCC Vulnerability Management Team and the University of Oulu Security Programming Group (OUSPG) for coordinating the discovery and release of the technical details of this issue.

This document was written by Jeffrey S. Havrilla based on information from NISCC.

Other Information

  • CVE IDs: CVE-2003-0819
  • CERT Advisory: CA-2004-01
  • Date Public: 13 Jan 2003
  • Date First Published: 13 Jan 2004
  • Date Last Updated: 29 Jul 2009
  • Severity Metric: 13.67
  • Document Revision: 42
