
Protocol Flaw Puts VoIP Users at Risk

Written By
Ryan Naraine
Jan 13, 2004

Some voice-enabled IP networks could be at risk for denial-of-service and buffer overflow attacks as a result of a security flaw in the H.323 networking protocol for transmitting audio-visual data.

According to an alert from the U.K. National Infrastructure Security Co-Ordination Centre (NISCC), the security vulnerability was identified in the H.323 protocol, which is used for the transmission of real-time audio, video and data information over packet-switched networks.

“Many vendors include support for this protocol in their products and may be impacted to varying degrees,” NISCC warned, adding that exploitation of the security flaw could allow an attacker to create a DoS condition in an IP network. “There are indications that it may be possible for an attacker to execute code as a result of a buffer overflow.”

Multiple vendors, including Cisco, Microsoft and Hewlett-Packard, use the H.323 protocol in networking and data transmission products.

Cisco, which has been aggressive in the VoIP market, confirmed that the implementation of the H.323 protocol in its products could lead to security problems.

Cisco has released patches to plug the holes, which carry a “moderately critical” rating. The company said all products that run the Cisco IOS software and support H.323 packet processing are affected, including devices configured for Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP).

Products affected include Cisco IOS 11.3T and later versions; Cisco CallManager versions 3.0 through 3.3; Cisco Conference Connection (CCC); Cisco Internet Service Node (ISN); Cisco BTS 10200 Softswitch; Cisco 7905 IP Phone H.323 Software Version 1.00; and the Cisco ATA 18x series products running H.323/SIP loads with versions earlier than 2.16.1.

Microsoft said it plans to issue a patch in its January release of security fixes to plug the H.323 holes. Hewlett-Packard and Lucent said they would investigate the NISCC advisory.
