| VID |
29075 |
| Severity |
40 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The Cisco IOS has multiple vulnerabilities in H.323 Message Processing.
The University of Oulu Secure Programming Group (OUSPG) has reported multiple vulnerabilities in the processing of H.323 messages and has created a test suite for H.323. H.323 is the International Telecommunications Union (ITU) standard for real-time multimedia communications and conferencing over packet-based (IP) networks. These vulnerabilities may be exploited to produce a denial of service (DoS) attack. When these vulnerabilities are exploited successfully, they may cause an affected device to crash or hang. Using this test suite, a remote attacker can generate programmatically test packets containing overly long or exceptional elements in various fields of the H.323 Protocol Data Units (PDUs), and then transmit it to an affected device. It can cause various parsing and processing functions to fail, which may result in a device crash and reload (or reboot) in most circumstances. A reboot of the device is required to return to regain normal functionality.
* Note: This check solely relied on the version number of the remote system to assess this vulnerability, so this might be a false positive. Also, it requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor.
* References:
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
* Platforms Affected:
Cisco ATA 18x Any version
Cisco BTS 10200 Any version
Cisco CallManager 3.0 through 3.3
Cisco Conference Connection (CCC) Any version
Cisco Internet Service Node (ISN) Any version
Cisco IOS 11.3T
Cisco IOS 12.0,12.0S,12.0T,12.0XC,12.0XD,12.0XG-12.0XL,12.0XN,12.0XR,12.0XT
Cisco IOS 12.1,12.1AA,12.1E,12.1EC,12.1EZ,12.1T,12.1X-12.1XD,12.1XL,12.1XM
Cisco IOS 12.1XP-12.1XR,12.1XT-12.1XV,12.1YB-12.1YF,12.1YH,12.1YI,12.1YJ
Cisco IOS 12.2,12.2BX,12.2DD,12.2DX,12.2MC,12.2MX,12.2S,12.2X-12.2XN,12.2XQ
Cisco IOS 12.2XS-12.2XU,12.2XW, 12.2YB-12.2YZ, 12.2ZA-12.2ZH,12.2ZJ,12.2ZL
Cisco IP Phone 7905 1.00
All Cisco products that run Cisco IOS software and support H.323 packet processing |
| Recommendation |
Upgrade to the fixed Cisco IOS version, as listed in "Software Versions and Fixes" of Cisco Security Advisory (Vulnerabilities in H.323 Message Processing) at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml .
Upgrades should be obtained through the Software Center on Cisco's worldwide web site at http://www.cisco.com .
For details, see http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml |
| Related URL |
CVE-2004-0054 (CVE) |
| Related URL |
9406 (SecurityFocus) |
| Related URL |
14204 (ISS) |
|
