Internet Security Systems Security Brief
January 13, 2004

Multiple Vendor H.323 Implementation Vulnerabilities

Synopsis:

Several vendors have reported vulnerabilities in their H.323-based Voice over Internet Protocol (VoIP) products. These reports follow the development of a test suite by the University of Oulu, which targets products that use the H.323 call signaling protocol H.225.0v4. The test suite in question functions by creating malformed or otherwise illegally formatted H.225.0v4 call signaling messages, and has uncovered remotely exploitable vulnerabilities in many H.323 implementations.

Impact:

Testing has shown a number of VoIP vendors to be vulnerable, with risks ranging from denial of service (DoS) to improper bounds checking resulting in possible remote system compromise. Multiple vulnerabilities affect key network infrastructure software, including Cisco's Internetwork Operating System (IOS), which is ubiquitous on core routing hardware.

Known Affected Products:

    Cisco IOS devices using IOS 11.3 - 12.3.
    Microsoft ISA Server and Small Business Server
    H.323 Implementations from Nortel and Tandberg

For a detailed list of affected products and the complete ISS X-Force Security Alert, please visit:
http://xforce.iss.net/xforce/alerts/id/160
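
The bounds checking the brief refers to, shown on the framing of a call signaling message. This is an added example, not code from ISS, the University of Oulu or any vendor. It assumes the standard carriage of H.225.0 as Q.931 messages inside TPKT frames (not described in the brief), uses a hypothetical function name and constructed sample bytes, and checks framing only, not the ASN.1 body.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Error codes; names are this example's own. */
enum { ERR_SHORT = -1, ERR_TPKT = -2, ERR_Q931 = -3, ERR_IE = -4 };

/* Constructed sample: TPKT + Q.931 Setup with two IEs (not captured traffic). */
static const uint8_t good[] = {0x03,0x00,0x00,0x13, 0x08,0x02,0x00,0x01,0x05,
    0x04,0x03,0x88,0x93,0xA5, 0x7E,0x00,0x02,0x05,0x00};
/* Same frame, but the User-User IE claims 512 bytes that are not there. */
static const uint8_t bad[] = {0x03,0x00,0x00,0x13, 0x08,0x02,0x00,0x01,0x05,
    0x04,0x03,0x88,0x93,0xA5, 0x7E,0x02,0x00,0x05,0x00};

/* Returns the number of information elements (IEs) in one frame, or a
 * negative error. Each length field is checked before it is used. */
int check_h225_frame(const uint8_t *buf, size_t len)
{
    if (len < 4) return ERR_SHORT;
    /* TPKT (RFC 1006): version 3, reserved, 16-bit length incl. header */
    size_t tpkt_len = ((size_t)buf[2] << 8) | buf[3];
    if (buf[0] != 3 || tpkt_len < 4 || tpkt_len > len) return ERR_TPKT;
    const uint8_t *p = buf + 4;
    size_t left = tpkt_len - 4;

    /* Q.931: discriminator 0x08, call reference length + value, message type */
    if (left < 2 || p[0] != 0x08) return ERR_Q931;
    size_t skip = 2 + (size_t)(p[1] & 0x0F) + 1;
    if (left < skip) return ERR_Q931;
    p += skip; left -= skip;

    int count = 0;
    while (left > 0) {
        uint8_t id = p[0];
        if (id & 0x80) { p++; left--; count++; continue; } /* single-octet IE */
        /* User-User IE (0x7E) has a 2-octet length in H.225.0; others 1 octet */
        size_t hdr = (id == 0x7E) ? 3 : 2;
        if (left < hdr) return ERR_IE;
        size_t ie_len = (id == 0x7E) ? (((size_t)p[1] << 8) | p[2]) : p[1];
        if (ie_len > left - hdr) return ERR_IE; /* declared length overruns frame */
        p += hdr + ie_len; left -= hdr + ie_len; count++;
    }
    return count;
}

int main(void)
{
    printf("good=%d bad=%d\n", check_h225_frame(good, sizeof good),
           check_h225_frame(bad, sizeof bad));
    return 0;
}
```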
