SecurityTracker.com
Category:   Device (VoIP/Phone/FAX)  >   Cisco IP Phones
Vendors:   Cisco
Cisco 7905 Series IP Phone H.323 Processing Flaws Let Remote Users Deny Service
SecurityTracker Alert ID:  1008704
SecurityTracker URL:  http://securitytracker.com/id/1008704
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Jan 15 2004
Original Entry Date:  Jan 13 2004
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Cisco 7905 Series IP Phone
Description:   A vulnerability was reported in the Cisco 7905 Series IP Phone in the processing of H.323 messages. A remote user can cause the target system to crash and reboot by sending malformed H.323/H.225 packets.

Cisco reported that several Cisco products have vulnerabilities in the processing of H.323 messages. The University of Oulu H.323 protocol test suite was used to identify these flaws.

A remote user can cause denial of service conditions on the target system. The target system may crash and reboot.

Cisco has assigned Bug ID CSCec77152 to this vulnerability.

Impact:   A remote user can cause the system to crash and reboot.
Solution:   Cisco has released a fixed version [1.0(1)] of the 7905 H.323 phone firmware.

The version 1.0(1) image names are cp790501001h323031212a.sbin for the signed image and cp790501001h323031212a.zup for the unsigned image.

Vendor URL:  www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
Cause:   Exception handling error, Input validation error

Message History:   None.


 Source Message Contents

Subject:  http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml


http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml

 > Cisco Security Advisory: Vulnerabilities in H.323 Message Processing
 >
 > Document ID: 47843

Cisco reported that several Cisco products have vulnerabilities in the processing of H.323 
messages.  The University of Oulu H.323 protocol test suite was used to identify these flaws.

Cisco IOS release 11.3T and later versions include H.323 support and may be affected if 
configured for various types of voice/multimedia application support.  If the IOS device 
is configured 1) as an H.323 network element, 2) to perform Network Address Translation 
(NAT), or 3) to implement IOS Firewall (Context-Based Access Control [CBAC]), the device 
may be vulnerable.  To determine if your device is affected, see the detailed and specific 
instructions in the advisory.

Other non-IOS products are affected (see below).

A remote user can cause denial of service conditions on the target system.  The target 
system may crash and reboot.  On the Cisco CallManager, ISN, and CCC, Cisco reports that 
the system will crash or will hang with processor utilization of 100% (preventing new 
calls, possibly dropping existing calls, and requiring a reboot to return to normal 
operations).

Cisco reports that IOS systems that block H.323 traffic using an access list to prevent 
H.323 traffic from entering the router are protected.

Cisco notes that the University of Oulu Secure Programming Group (OUSPG) created a test 
suite for H.323, including the H.225.0 and Q.931 messages.  The vulnerabilities identified 
by the suite are largely due to insufficient checking of H.225.0 messages, according to 
the report.

Cisco IOS versions 11.1, 11.2, 11.3, and 12.3 are reportedly not vulnerable.
	
Cisco IOS versions 11.3T, 12.0, 12.0S, 12.0T, 12.1, 12.1T, 12.1E, 12.2, 12.2S, and 12.2T 
reportedly have vulnerabilities in the processing of H.323 Network Element traffic (e.g., 
H.323 Gateway, H.323 Gatekeeper, and H.323 Gatekeeper with Proxy).

Cisco IOS versions 12.1, 12.1E, 12.2, 12.2T, 12.2S, and 12.3T reportedly have 
vulnerabilities in the processing of H.323 IOS NAT traffic.

Cisco IOS versions 12.0, 12.1, 12.1E, 12.2, 12.2T, and 12.2S reportedly have 
vulnerabilities in the processing of H.323 IOS Firewall (CBAC) traffic.


Vulnerabilities also exist in the following Cisco products:

* Cisco CallManager - Bug IDs CSCdx82831, CSCea46545, and CSCea55518.  Only certain 
configurations are affected (see the advisory).

The First Fixed Regular Releases are 3.1(4b)spD, 3.2(3), 3.3(2)spC, and 3.3(3).


* Cisco Conference Connection - all versions are vulnerable.  Cisco does not plan to issue 
software fixes.  A workaround is provided in the advisory.


* Cisco Internet Service Node - all versions are vulnerable.  Cisco does not plan to issue 
software fixes.  A workaround is provided in the advisory.


* Cisco 7905 Series IP Phone - Bug ID CSCec77152

Version 1.0(1) of the 7905 H.323 phone firmware load contains a fix. The version 1.0(1) 
image names are cp790501001h323031212a.sbin for the signed image and 
cp790501001h323031212a.zup for the unsigned image.


* Cisco ATA18x Series Analog Telephony Devices - Bug IDs CSCea46231 and CSCea48726.

Version 2.16.1 contains a fix.


* Cisco BTS 10200 Softswitch - Bug ID CSCea48755.

Version 4.1 contains a fix.


 
 

