NISCC Vulnerability  Advisory 006489/H323 Craig Southeren Last updated 24 July

Contents

Overview

The NISSC announced on 13 January 2004 that they had discovered vulnerabilities in several implementations of the H.323 protocol. This announcement was also released by CERT as Advisory CA-2004-01. 

The principal OpenH323 developers are aware of these announcements, and confirm that OpenH323 does contain some of the vulnerabilities described. Fixes for these vulnerabilities are being worked on and will be announced in the OpenH323 mailing lists when available. 

These vulnerabilities were discovered and demonstrated by a toolkit from the University of Oulu in Finland,. More information on the toolkit can be found at http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/index.html

UPDATE: All releases of PWLib after v1.6.0 contain fixes for the vulnerabilities demonstrated by the NISCC test suite. This includes the Janus baseline release and all subsequent stable and development code releases. 

Please contact the author if:

• you have any additional information regarding these vulnerabilities
• you have discovered any new vulnerabilities
• you are a vendor of an OpenH323 based product, or a distributor of distribution that contains OpenH323, and are offering assistance in finding or fixing vulnerabilities

  Change History

Copyright © 2003-2007 by Post Increment A.B.N 95 856 785 279
All Rights Reserved
All trademarks and copyrights on this page are owned by their respective owners.