Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


VOIP, Video-Conferencing Apps Face Security Risk



 By: Matthew Hicks
2004-01-13
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Certain vendor implementations of the H.323 protocol could open multimedia applications to denial-of-service attacks and buffer overflows, U.K. security researchers reported on Tuesday.

Multimedia applications such as voice over IP telephony and video conferencing could be vulnerable to security breaches because of flaws in the way a major telephony standard is being used.

Some vendors implementations of the H.323 protocol, an International Telecommunications Union standard for communication among telephony and multimedia devices, are vulnerable to denial of service attacks and, to a lesser extent, the execution of code and system takeovers through buffer overflows, according to an advisory issued Tuesday by the United Kingdoms National Infrastructure Security Co-Ordination Centre (NISCC).

Microsoft Corp. and Cisco Systems Inc. were the only vendors to issue patches and advisories as of Tuesday afternoon, even though products from several other vendors also could be at risk.

Resource Library:
As part of a series of security bulletins it issued on Tuesday, Microsoft released one rated "critical" for its Internet Security and Acceleration Server 2000 software, pointing to a flaw in the H.323 filter that could allow an attacker, through a buffer overflow, to take over control of the system.

Microsoft issued a batch of security bulletins on Tuesday. To read more about the vulnerabilities, click here.

Cisco, of San Jose, Calif., in a security advisory said that all products that run Ciscos IOS network system software and support H.323 packet processing are affected by a vulnerability that can cause denial of service attacks. Cisco supports H.323 in its IOS software with version 11.3T and later.

Other vendors that identified potential vulnerabilities were Nortel Networks Inc., Radvision Corp. and Tandberg. Avaya Inc., Lucent Technologies, Fujistu Ltd. and Hewlett-Packard Co. told the NISCC that they are investigating whether their products are vulnerable to the security flaw.

Among those reporting that their products are not vulnerable were Apple Computer Inc., CyberGuard Corp., eSoft Inc., Hitachi Ltd., the NetBSD Project, Objective Systems Inc., Red Hat Inc., Symantec Corp. and uniGone.

In the United States, the Computer Emergency Response Team Coordination Center also issued an advisory about the vulnerabilities in H.323 implementations. It noted that one possible workaround, along with vendor patches and upgrades, is to block ports 1720/tcp and 1720/udp on network parameters.

According to CERT, more than 50 vendors had not yet reported whether their products were vulnerable.





  Reader Comments: VOIP, Video-Conferencing Apps Face Security Risk
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matthew Hicks
 


xkw0 !cl H $!;Н9,xblm?~y7*Iqq ,T*UJR Kp4ô1%٩c <ޤ^HRco͛6'#CkPgN-˛i:@ 4k9>u3 q@ncF[Y|.$gtj.O_FB঳J [8b=/myy/ftYu ¿kioAסߍ]gndZߟQ,rF"U)m y ϾdPq5t[dQ=˲f g3n]Φ[w5U)j>_+T|f<<<Lp<˴MʜYNwz_{es~!>􏂺 -;7жFszu}qV6n9 :VֶRߘO`JLTRB63 T؀x:~Xsr\㍒~7nJxTPjM-]5=-bGa`%pfQ2I}oU}s}I}z~ri!|c9̠T* PFfP%+5ԩ^uܞn9n;WmuoHs!+|r.!5 0\6:sZ:['^=:$}Z䞺540Z-IJ2iuL|xEd$Y-r"//!}W=fr*C2q/w,oKGɏ3|#Úy >Lmdʩ$|S;CkljoW_rttf-Mf_#dL|])p3Z&T23\MH:Ƃ5ņ])!ex拇A\—V/(A/- 5|*ٛ"K;Cxr!DKI88{FNRٌ.[|48NכUsNVVt];7e{Zw{8k7n-һ^5߷aU"}ƺƻKEhYf7-$갦VG{,VkEx1k@8ʍ/71m!S[ö@ 3 :斟Ӽws: ivڔ?jY OaΧf۱9z4$ࠡM/6}@˥qn>1 @ Ln0i\|ͥn]?&tnYPŞ+ CߜRoVϨG`I l"]LRml;lzd $4)s.yp;LM)`A#` Vz!< 2/?Ch>:OtmQ(=9f>S9·{ʹiǀԘ3jC8oeN˵K (K))%C[]HPw9J B!L0V0(VF䎄R1nJlRi g Rsvn4 {TKh!+K@fsf`(4{~u}bB+|#'dXr`Y \`+|i)lc lԨ[6؛bG*|Ѹ7= KҺ:M MX㓖&)# K8Yf!&B~paZ&4 7qCV,9^\#MCfaMq"V޳g虉m>(L5iOuϙܑ-ӾK% jJ=Us A|5i!SL&Ze on<Gy5&+׹{|+p1g0d0Ќ{Gq=18S7RtZC+>q^i:[@Tg˦zkfT݈^ӛAt( R[k(¡ IRLZ1D4$] `8 2Cɥ0$ lU66d6@=plp#=nP rAG&#SV-ya5sV@@@7h _ T`bL0`NSgAu,f`ۉ泹'?`˟Q,C*8E4hQ*ma3)T0ӹbuߓq |X0b=9]9p/k18_, {guaWjJ Ws4J'MM8` "}8xp4'Z>pdZ`/R3&¿w٤k#RXO%}/(JDEcl ԑq,Y XTȱ,!0}65{APl>-D.M{ \irpf^DRhJq^ni^gT;(h];({12qÝa&GR)Ö1Sghin&{[T'/B>_C'Xk5D\}"=INtxO}F ;Ez . @KЏB(r!D+X±cKQ0Sm1C ^n~J E:kdzT>Q7Ϗ9(gdW%d{)'HR-PˊRԊJR ^{}|s/72~2jƛQ8pF#}yMfn>0zp)4 _0t.rȵ`s|\a2,*lز|˘FմlxTa<ʗJq' #4ߘv+TNJR0]3&K+6{)vȿ jڹ 8?͡[ yc3_?J=[L4G@V1-0g7=3%[(4OQTrbl2~6ȫGGQYk-g}zKdC|fZL$~%Zi({̗rL*H-E idߙ'ksWYy* ݁ͽ(J~@xG2gd1(Ъ#i%N11QEv}l;LʪHG٭P˯q$e l&SbR/MkBk`"%On(}]͠1p JnM<H}ʧBTuQRnTbPQJϢ v\u[/he~6EKfb;o͕Z5;g HsB5x)`f2Ovܖ[J,]A>|a u Mflr{]wѼ@8̕%8NX\=QH4 Z̟4CdE)ujUR ՂTE'sٞE@( {ߋBWuRģo{{C4=5g>?"X7Swg4ċ)u͇RE*mT)gj$D.MÀ>ZbY)ݥ,D(?x0r9_)UɠK< J \h?C U8qm oRٛ8~2_KLCVjD3,`jBUܘ㯌&\?{y!{?|"}QLX_Uv٩G#{?t%.}m??&SuYs0q3f{nt 3o;aAZ}cq 4 8*uZ_IF`Թlo0.[,tJ2}m&A)p}P#.FkC^NE^7[{醿zRB'T ˓8/+qYO(eqhd*ꒀ~*~(i&'ءؠ۳]7'8 $ k|wisq/Ps~%h dgKU 2 KpkP i"+ c-;|C?OJ[L>Xɫq-jw~W!> ?<@s`S*<効=t#QEbݩmsD91ub;2x;xZ1̿ݞpne9y7@|;s'5\{ cv,Q'}훣lm DK,Ai8;?=/PzsgOɭ23XufcԺl+ҿDžܵbpic?%W>i^7yja~%X|OoA5{9f.xʜ(=}![7ǚ9m69gbJwuكF=FCft?i)+eؽҾ28-0z^t,4P$9EQsjV $]|f/<L8zd ,F} d3D?yeТ1>Qwv!.uo06+Ԡ}|z,C]bwR{.fOYVZtC.qekEwWcUKK7ʲFE:'%mo!i4{EFm"fc;EE[3զm0~O O= zm'82 Gf 3L@P`G- ֔I iCDHݛs3E3 _5d ;a3*|ZBZybVaco[1΢ Im1ZQyp:ip*9_3%&p$?\@Ӟ MAWϼ2.mEg(YlQF7bzY26,eMʰ$7{ΗBHΊEr?/|rBFZ-| 69wHOט{ O?;R˦r.ƫJeH)I$%f~<+A_+c,Iƕ;. I^(t8/4QW09 l?udigΖkHvt0<S=6gXVeKXG'oq}6fgk[PJ r6l"e34-]a tLLQ)5h,lm/!a@̒oC7ȼ xL=t,9lP xY%'B~/ J1pyARHlβ nA%*"# &.1.CSnpeFqp,liE?[ J-g>S*bo`| ;,b;nt)b%,xXxIx+Nhn|!PeT\p>}SMIߴ!c#B|S'pz꘬dx'j'zDOLO}*:bF7N1!3zfQĹ=&Jks. e|8j)6jo?/:\gbqs+Y_ňRO^ xR]/ գNl' d_?^b@Q1T9&LyW6VV/ w M ܴ?vڷxDŽ7~sd=͓C;=Kś'A!h/sD Tr@'j!^]lmRER)¢Ɣ?39!X Jj;n`B I(*7sPN%\ `%^` upK'̓x꛻r-^ dhL:h2-aI'!WC!uL ExlY,RSX/ H,X W!W$|/I;Р}'0Ye[&+Ìg3-&{cT»SǜGӠ ҇iaT0 uQIIaEHI"HX$"s2j hk4לK/%'7nc*7}Bf8S ǦR$Hז8Dw Ā_}ؙ]xU7X ?$oooo?_W}z-Nɮit<}G:8-yn2% :uh/M|A8,I*!ᄦ΢ƘΔ"DcG:4v~eKy/|8ru8xzjQ,ᘗ%іM[ףA%EݒR˅C [Cw0O EDͽon /p )Y"wctՀخN+0$GM<&KbG24ږ|S~Tsslx4N}Klm76 ]jB HOhSAgh@Ɠ_ݒ^̙׶=^ {T{R]K.I1 DB$0dBzUȵoOP/ori4y7777W<:*K_S34{{ͫL3NY7wIa-Gj,Pd H!v8 !`wy`ɿ}noƶ5_/a7w“{*;5'i:.M郀yW> s<3'`H 9᥈ oT0"!Q5tO>,}na1]Ø8O$-OF#ķfn7uAEo{#T⚳sh?3i!)ʹd j栆ŷi`Wݲ:>/ Sգ\m6dUoocr.Xt%)AZ)Pj>KH2=60f ' ƗrI1ƱH^LX!L43kx&!([ N7{5 RDrpBLڿr z]aֱ͇Ϡ18i硨V0SK^0"x[ XqҾɼ sMZVړɎ!NiuX ъ#z bw51܊jDZAYFDk_AG-']IΞCm/%f| 6(QIH a->6]+kf?qC@?~T&OrP#L1\%ͦ.0 7Dy u6M;bjrH~RB~n/-|oN1fOaR M:'η v2z޼Cp{gOb{[ ɮOF5=iy=@ךSN|l:/*JuڷfC$/bxE4x$⫱P=Q9!7(wf˽aA =ʱ,~|^E7i.D؝ie9L Ʈ$!/^O’ ÒM\1IOs1)ꚚrMp @ׂ~Tjc O]c"R.'> rl?QX2.ǂ6 y͸<؎;լy<6ͼ͂E t1\ƫVGzE<]C-!V{uRExeL<^^Arӧ3m&5bLv:P;QU6'0H.Q Ƃ@JV5sÚkp}6ǝj6j=!`5;=rvn& /ipzLKo^;G'ܬD f߭# =>'(ڢ 1XJo+=Od hM%aZ' e~2R D#.a߸Jd m4^P)OM-KJ\;4ߘ˛.,^Ouvy1HK%X=ok1qX*l EL|ŜK,G J6Kg|[2@ `ƖC0UzpW} k)q<`A@+{wi/)~J+6G&> yюLݺknR)ݛ9޿/RmF :6z_abu{ι(sS#%gev}0̊۾%Ed[j.; J"%N'09l65In$%H"L] UC `x-P >Fٹ WEo*!;p樯M~^+dazMeVQh0t8LZ8CbOº 2u aK.)EYuhco>zS-;m#!k^"Α,MNo cDRwROaH9p=S["d\1@Q>ɹy MǤۭpxX0!,YC) Qχ9.Δ6")a9蘄0mݚ1;mf<"d/Z/ ݕ/yj5cZ|"1^#&3r)rO_$R c\$@Q:CWU T,G,(!Lz)%@7QI8(-0SOfF"Og8tVܕqV!5>01uYrΌY-AGJ>( PsC:ǂXLl @Đ0(VIL uX\FB(6s 6&A릫oulbꞌ@h),f,ꝯ*|)x<> |+R0b6cwQwe2RqF%Lcz%2eW0`A=#2bg44\K=M];$&G]lFLf y}}uoHݴۤwzӹwW}ѽSP܂/W(;sm}:^:\o:W}[sm.4 "}Iw]$}QX\mO|ӿxRv aW~0`b^)oZ7^OMVTk!?=BVՉt.5g1R[ZTmzfx9l0zIc sbR׾hIi&5+ۼvH)N)M)MfJyʻ)-AR~ 姛π>g)yO(iw6wZFRuRCL*s/R ?m.)ak\%22 >2@\B/S yŸ)2zP1SJ)˔r߫J+) _?S޿Ny&z^J{^Jl.!>BǴrǔ}}L-ߦަ--m :IJ"gk\8=R2~)A__yJ+%YJrSVڍn a{Br!wJ@^~"s}mR+ ]a%=Lk[IR}W:c|u$X2&̯eb^>c˼{}tEq>pp̕]"&˯-cENik|(!s<2g)h{dc,FD4|,y|aR1'ť,O ;H=xĽM߃8*n]nį#TOW=M\wڝGfmzumePcvdmoCdy^$Nf\G,Tk6 WX-JKaġ$] ]ʹ=y,+ꏸu>O?tS߭Ҿj^ = 쓥->~3XV)pF #0 ߤH= [p`FCn%34_ z:}K=s;q`j@L l>EU-*+J9SnO'A"ð!H*+y9_%=a`rTL3BAxG l]{ۦJ̾jC3CX)x=̺ok %~Ck(x.xQmE{_,mRf`-|ygM~ oG2P d 7 J,5{3@3ޛ7r{I2hؐ&%KlŜh'b']' GL͡3,O~f+gMԛwj[UޣQӦB7;[ 6f^=F.Y<&23M{2\x| "e*sCNX!fNؒ1dQURۨWEɐb"9qh kN϶湎3];5eqkQݍ;3ixR n2k-1ƚ 9LDƻ"`/Fp7] X6?=I /'<"4!ng i?3 pߚi₋08B;L]XeC[gIRT~{J]*P=eZRO;] n"8Yz+ޒ{־0 ;C?Bر\8#UI:.~m \*_ %Cb9G(]! M^E#`AQ]kN0zN:]j? )tnwf[9ˎ]ƔQYɶ^!8d2֭kc'p +C%B^p穎TU|Al>c)&;z~.>C2|lz$_xƪ~SAxr=H' m<` G6̖$߂)0t5w =@/7A{| r@ck¾ߟ2"- Ԣ?NSg(\*],6Ał=qL"kMΡt2Q*Ю^x[9Na^q=˼kAўYmw|hd-k^FL!Ү\)VMcpCyf:PbeXl'A׀5V`=H]3(|9NRnãōGXxЬ; [+ Qy:  <Щ0X\bv)E=bꛆ\ ШpSTUD'os^+5pݼsQaW_ cyx ŧ$VS7X|c^54{<]}‹({:ΝIq{8N={7G%П hC|L׿Ͼŗ5:0 ܂aK={w_{>Md`{C-`2P^3! b}I)@5P3x}3vCӌA[;pb_V%Oz`,}k|$o?,W3) e?H݇ 븸t~^ϒÄAʡ.Q9vP;Xzoܵo @ o-)_/`0N(@QR01Dcv6i˺dnfcW07VtbǙ;ayȅ! Z ji pP-mZ9TMLh{ ^{=1#35j{,a=?ŮCEb#wJmO:_$z}Uk{\5_(c0fm_իw. 7cpa\T&ATg1#ObOYgi+lqUb'XG~GTp7YOyսiMSD_l\? E-XeǨbwFE<~_uncf1:f/.QEe7w-T#QEW-1ϬKFA,`t@Df1xk͠ɦCh?,.2h&3xB__>bf:&3_aexk0՛!uA,_9isW^'[ MMI8ĭ?~@ ֟NB2`j fcbf: .+ M$3KtG;+\""p3-K+ͱ~$Wg8Yf@&s=a0ɲ[YqYaG7{'6ƜwcaiAƄܴlf@ Y mѮ3 "۶[] |1=Nա{b #@Pjghô7~,waٰS\vLD;H}RQkC#p*C*!t\A)LK8-K؋N>#)*ၴPjJdg q )HxߋpKv%2d+ш4ax{G[kH"Wbosh3wtG#XޑwoVRV[T, EOP-jxͻm*G Jv❥8b Ω@񗹘:Y #^۬t#xYsK6M\&=d`EgM8XcѲ_y֐l$iy&fplv}$$v)rgԳ=nw ϋ=uo06/׸&ǖ3Ԭ,o~uBF%n:D=|N—KB@XxšMzCLq7?OyͯDޅGXS᫧0CoMXLC尜걣 evpƑ2>;A9Ϛ{4Ô'_ 0"!y_b3RX#Z#"n! T3pe4+DZiShTsw #Ltj9ͬe9MWf KX2MP]q+2#FZ4?DlA^E{k|}pֽKgŧcA+zyjί(a ѰTr߶;kOݛㄽ#\yTGhEM >aV}"ނjo=GC1  3%#t F*3gZV+l"$r42c>09[1Clom'k0mؾ^f6%c(|PrqmJߥTFٻZھ$5lSyxqaY"g{? $*4B