Vulnerability Note VU#749342
Multiple vulnerabilities in H.323 implementations
A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. Voice over Internet Protocol (VoIP) and video conferencing equpiment and software can use these protocols to interoperate over a variety of computer networks. The majority of the vulnerabilities discovered are limited to denial of service impacts; however, several may allow unauthorized code execution.
The U.K. National Infrastructure Security Co-ordination Center (NISCC) has reported multiple vulnerabilities in different vendor implementations of the multimedia telephony protocols H.323 and H.225. H.323 and H.225 are international standard protocols, published by the International Telecommunications Union, used to facilitate communication among telephony and multimedia systems. An example of such a system includes VoIP or video-conferencing equipment and software deployed on a network or computer. Sending an exceptional ASN.1 element to a vulnerable telephony component that cannot handle it may cause the application or system behavior to become unpredictable.
A test suite developed by NISCC has exposed vulnerabilities in a variety of H.323/H.225 implementations. While most of these vulnerabilities exist in ASN.1 parsing routines, some vulnerabilities may occur elsewhere. Due to the general lack of specific vulnerability information, this document covers multiple vulnerabilities in different H.323/H.225 implementations. Information about individual vendors is available in the Systems Affected section.
The impacts associated with these vulnerabilities include denial of service, and potential execution of arbitrary code.
Patch or Upgrade
One potential workaround includes making sure ports 1720/tcp and 1720/udp are blocked on network perimeters.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Check Point||Affected||12 Jan 2004||30 Jan 2004|
|Cisco Systems, Inc.||Affected||12 Jan 2004||13 Jan 2004|
|Hewlett-Packard Company||Affected||12 Jan 2004||05 Apr 2004|
|Intel||Affected||12 Jan 2004||27 Feb 2004|
|Microsoft Corporation||Affected||12 Jan 2004||13 Jan 2004|
|Nortel Networks, Inc.||Affected||12 Jan 2004||13 Jan 2004|
|Polycom||Affected||-||29 Jul 2009|
|RadVision||Affected||-||13 Jan 2004|
|TandBerg||Affected||-||13 Jan 2004|
|Apple Computer, Inc.||Not Affected||12 Jan 2004||13 Jan 2004|
|Clavister||Not Affected||12 Jan 2004||30 Jan 2004|
|Cyberguard||Not Affected||-||13 Jan 2004|
|eSoft||Not Affected||12 Jan 2004||13 Jan 2004|
|Foundry Networks Inc.||Not Affected||12 Jan 2004||30 Jan 2004|
|Hitachi||Not Affected||12 Jan 2004||13 Jan 2004|
CVSS Metrics (Learn More)
The CERT Coordination Center thanks the NISCC Vulnerability Management Team and the University of Oulu Security Programming Group OUSPG for coordinating the discovery and release of the technical details of this issue.
This document was written Jeffrey S. Havrilla based on information from NISCC.
- CVE IDs: CVE-2003-0819
- CERT Advisory: CA-2004-01
- Date Public: 13 Jan 2003
- Date First Published: 13 Jan 2004
- Date Last Updated: 29 Jul 2009
- Severity Metric: 13.67
- Document Revision: 42
If you have feedback, comments, or additional information about this vulnerability, please send us email.