VID 13017
Severity 40
Port 1729
Protocol TCP,UDP
Class Protocol
Detailed Description The H.323 protocol has been detected as running on the target host.
A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. These protocols are most commonly used in VoIP applications, Microsoft NetMeeting and video conferencing applications for the exchange of voice and video communications over networked systems.
A test suite developed by U.K. NISCC and the University of Oulu Security Programming Group (OUSPG) has exposed vulnerabilities in a variety of H.323/H.225 implementations. H.323 uses the H.225.0v4 protocol for call signaling and connection establishment. The H.225.0v4 protocol contains a number of identifier fields, such as email addresses, originating phone numbers, or URLs. By carefully crafting H.225.0v4 setup messages that omit required fields, specify illegally long length fields, or include otherwise malformed fields, an attacker may be able to exploit bugs in various H.323 implementations. These vulnerabilities can typically be exploited by an unauthenticated remote attacker. Exploitation may result in the execution of arbitrary code or cause a denial of service, which in some cases may require a system reboot.
H.323 enabled products range from endpoints (usually IP phones or video conferencing products), to H.323 gatekeepers (often found on routers), to H.323 enabled firewalls. The standard port used for H.323 call signaling messages is TCP (and in some cases UDP) port 1720.

* Note: This check relies solely on the presence of the H.323 service.

* References:
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/index.html
http://www.checkpoint.com/techsupport/alerts/h323.html
http://www.cert.org/advisories/CA-2004-01.html
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
http://xforce.iss.net/xforce/alerts/id/160
http://www.microsoft.com/technet/security/bulletin/ms04-001.mspx

* Platforms Affected:
Many software and hardware systems that implement the H.323 protocol
Examples include:
- Voice over Internet Protocol (VoIP) devices and software
- Video conferencing equipment and software
- Session Initiation Protocol (SIP) devices and software
- Media Gateway Control Protocol (MGCP) devices and software
- Other networking equipment that may process H.323 traffic (e.g., routers and firewalls)
Recommendation If it is not needed, disable the service.

-- OR --

If the patch for these flaws has not been applied, apply the appropriate patch for your system, as listed in CERT Vulnerability Note VU#749342 at http://www.kb.cert.org/vuls/id/749342
Related URL CVE-2003-0819 (CVE)
Related URL 9406,9408 (SecurityFocus)
Related URL 14167,14177 (ISS)