
UNIRAS ALERT - 37/04 - NISCC Vulnerability Advisory 060525/H323



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
      UNIRAS (UK Govt CERT) ALERT - 37/04 dated 26.10.04  Time: 15:00  
 UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

An Update to the Vulnerability Issues in Implementations of the H.323 Protocol


Detail
====== 

If exploited, these vulnerabilities could allow an attacker to create a Denial of 
Service condition. There are indications that it may be possible for an attacker to 
execute code as a result of a buffer overflow. 



NISCC Vulnerability Advisory 060525/H323
- ----------------------------------------

An Update to the Vulnerability Issues in Implementations of the H.323 Protocol

Version Information
- -------------------
Advisory Reference	060525/H323
Release Date		26 Oct 2004
Last Revision		24 Jun 2004
Version Number		1.0

What is affected?
- -----------------
The vulnerabilities described in this advisory affect the network protocol H.323.  
Many vendors include support for this protocol in their products and may be impacted 
to varying degrees, if at all.  

Please note that the information contained within this advisory is subject to 
changes. All subscribers are therefore advised to regularly check the UNIRAS website 
for updates to this notice.

Severity 
- --------
The severity of these vulnerabilities varies by vendor.  Please see the vendor 
section below for further information.  Alternatively contact your vendor for 
product specific information. 

If exploited, these vulnerabilities could allow an attacker to create a Denial of 
Service condition. There are indications that it may be possible for an attacker to 
execute code as a result of a buffer overflow. 

Summary
- -------
During 2002 the University of Oulu Security Programming Group (OUSPG) discovered a 
number of implementation specific vulnerabilities in the Simple Network Management 
Protocol (SNMP).  Subsequent to this discovery, NISCC has performed and commissioned 
further work on identifying implementation specific vulnerabilities in related 
protocols that are critical to the UK Critical National Infrastructure.  One of 
these protocols is H.225 which is part of the H.323 family and commonly implemented 
as a component of multimedia applications such as Voice Over IP (VoIP). 

A new test suite for H.323 has been released by OUSPG. This is an update (Release 2)
of the H.225.0 test suite that was released on 26th January 2004. OUSPG has employed 
the updated test suite to validate their findings against a number of products from 
different vendors.  The test results have been confirmed by testing performed by 
NISCC and the affected vendors contacted with the test results.  These vendors' 
product lines cover a great deal of the existing critical information infrastructure 
worldwide and have therefore been addressed as a priority.  However, NISCC has 
subsequently contacted other vendors whose products employ H.323 and provided them 
with tools with which to test these implementations. 

All users of network and multimedia equipment are recommended to take note of this
advisory and carry out any remedial actions suggested by their vendor(s).

[Please note that revisions to this advisory will not be notified by email.  All 
subscribers are advised to regularly check the UNIRAS website for updates to this 
notice.]

Details
- -------
H.323 is an international standard protocol, published by the International 
Telecommunications Union, that supports inter-operability between vendor 
implementations of telephony and multimedia products across IP based networks.  As 
such it is often supported on network perimeter and multimedia hardware such as 
video-conferencing equipment.  The specific sub-component that has been tested, 
H.225, deals with the set-up of connections between H.323 devices. 

Further detail will be released as it becomes available.

This vulnerability has been assigned the CVE name CAN-2004-0498.

Solution
- --------
Please refer to the Vendor Information section of this advisory for platform 
specific remediation.

Vendor Information
- ------------------
A list of vendors affected by this vulnerability is not currently available. Please 
visit the web site in order to check for updates.

Credits
- -------
The NISCC vulnerability team would like to thank the vendors for their co-operation 
in handling this vulnerability.

Contact Information
- -------------------
The NISCC Vulnerability Management Team can be contacted as follows:

Email	   vulteam@xxxxxxxxxxxx 
           Please quote the advisory reference in the subject line

Telephone  +44 (0)870 487 0748 Ext 4511
           Monday - Friday 08:30 - 17:00

Fax	   +44 (0)870 487 0749

Post	   Vulnerability Management Team
           NISCC
           PO Box 832
           London
           SW1P 1BG

We encourage those who wish to communicate via email to make use of our PGP key.  
This is available from http://www.uniras.gov.uk/UNIRAS.asc 

Please note that UK government protectively marked material should not be sent to 
the email address above. 

If you wish to be added to our email distribution list please email your request to 
uniras@xxxxxxxxxxxxx
 
What is NISCC?
- --------------
For further information regarding the UK National Infrastructure Security 
Co-ordination Centre, please visit http://www.niscc.gov.uk/aboutniscc/index.htm.
 
Reference to any specific commercial product, process, or service by trade name, 
trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, 
recommendation, or favouring by NISCC. The views and opinions of authors expressed 
within this notice shall not be used for advertising or product endorsement 
purposes.

Neither shall NISCC accept responsibility for any errors or omissions contained 
within this advisory. In particular, they shall not be liable for any loss or 
damage whatsoever, arising from or in connection with the usage of information 
contained within this notice.

© 2004 Crown Copyright

<End of NISCC Vulnerability Advisory>

- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:

Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of NISCC for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
