|
|
Table Of Contents
Vulnerabilities in H.323 Message Processing
Vulnerabilities in H.323 Message Processing
May 2, 2007 OL-5327-03During 2002 the University of Oulu Security Programming Group (OUSPG) discovered a number of implementation-specific vulnerabilities in the Simple Network Management Protocol (SNMP). Subsequent to this discovery, the National Infrastructure Security Coordination Centre (NISCC) performed and commissioned further work on identifying implementation specific vulnerabilities in related protocols that are critical to the United Kingdom Critical National Infrastructure. One of these protocols is H.225, which is part of the H.323 family and is commonly implemented as a component of multimedia applications such as Voice over IP (VoIP).
OUSPG produced a test suite for H.225 and employed it to validate their findings against a number of products from different vendors. The test results have been confirmed by testing performed by NISCC and the affected vendors contacted with the test results. These vendors' product lines cover a great deal of the existing critical information infrastructure worldwide and have therefore been addressed as a priority. However, the NISCC has subsequently contacted other vendors whose products employ H.323 and provided them with tools with which to test these implementations.
Systems impacted: Customers supporting H.323 on their solutions using the Cisco BTS 10200 Softswitch Call Agent.
Recommendation: A security fix for this vulnerability has been incorporated into the Release 4.1 Cisco BTS 10200 Softswitch. Further vendor action is not required.
Posted: Wed May 2 10:09:08 PDT 2007
All contents are Copyright © 1992--2007 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.