RealTime IT News

Protocol Flaw Puts VoIP Users at Risk

Some voice-enabled IP networks could be at risk for denial-of-service and buffer overflow attacks as a result of a security flaw in the H.323 networking protocol for transmitting audio-visual data.

According to an alert from the U.K. National Infrastructure Security Co-Ordination Centre (NISCC), the security vulnerability was identified in the H.323 protocol, which is used for the transmission of real-time audio, video and data information over packet switched-based networks.

"Many vendors include support for this protocol in their products and may be impacted to varying degrees," NISCC warned, adding that exploitation of the security flaw could allow an attacker to create a DoS condition in an IP network. "There are indications that it may be possible for an attacker to execute code as a result of a buffer overflow."

Multiple vendors, including Cisco , Microsoft and Hewlett-Packard use the H.323 protocol in networking and data transmission products.

Cisco, which has been aggressive in the VoIP market, confirmed the implementation of the H.323 protocol in its products could lead to security problems.

Cisco has released patches to plug the holes, which carry a "moderately critical" rating. The company said all products that run the Cisco IOS software and support H.323 packet processing are affected, including devices configured for Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP).

Products affected include the Cisco IOS 11.3T and later versions; Cisco CallManager versions 3.0 through 3.3; Cisco Conference Connection (CCC); Cisco Internet Service Node (ISN); Cisco BTS 10200 Softswitch; Cisco 7905 IP Phone H.323 Software Version 1.00 and the Cisco ATA 18x series products running H.323/SIP loads with versions earlier than 2.16.1.

Microsoft said it plans to issue a patch in its January release of security fixes to plug the H.323 holes. Hewlett Packard and Lucent said they would investigate the NISCC advisory.