Vulnerability Issues in Implementations of the H.323 Protocol

[Chris Wysopal <weld () vulnwatch org>]

NISCC Vulnerability Advisory 006489/H323

Vulnerability Issues in Implementations of the H.323 Protocol

Version Information

Advisory Reference 006489/H323
Release Date 13 January 2004
Last Revision 13 January 2004
Version Number 1.1

What is Affected?

The vulnerabilities described in this advisory affect the network protocol
H.323. Many vendors include support for this protocol in their products and
may be impacted to varying degrees, if at all. The web page detailing this
vulnerability includes any vendor specific information that is available to
us. Please see http://www.uniras.gov.uk/vuls/2004/006489/h323.htm for
further information.


Severity

The severity of these vulnerabilities varies by vendor. Please see the
vendor section below for further information. Alternatively contact your
vendor for product specific information.

If exploited, these vulnerabilities could allow an attacker to create a
Denial of Service condition. There are indications that it may be possible
for an attacker to execute code as a result of a buffer overflow.

<snip>