VOIP, Video-Conferencing Apps Face Security Risk
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

VOIP, Video-Conferencing Apps Face Security Risk

Written By
Matthew Hicks
Matthew Hicks
Jan 13, 2004
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Multimedia applications such as voice over IP telephony and video conferencing could be vulnerable to security breaches because of flaws in the way a major telephony standard is being used.

Some vendors implementations of the H.323 protocol, an International Telecommunications Union standard for communication among telephony and multimedia devices, are vulnerable to denial of service attacks and, to a lesser extent, the execution of code and system takeovers through buffer overflows, according to an advisory issued Tuesday by the United Kingdoms National Infrastructure Security Co-Ordination Centre (NISCC).

Microsoft Corp. and Cisco Systems Inc. were the only vendors to issue patches and advisories as of Tuesday afternoon, even though products from several other vendors also could be at risk.

As part of a series of security bulletins it issued on Tuesday, Microsoft released one rated “critical” for its Internet Security and Acceleration Server 2000 software, pointing to a flaw in the H.323 filter that could allow an attacker, through a buffer overflow, to take over control of the system.

/zimages/2/28571.gifMicrosoft issued a batch of security bulletins on Tuesday. To read more about the vulnerabilities,click here.

Cisco, of San Jose, Calif., in a security advisory said that all products that run Ciscos IOS network system software and support H.323 packet processing are affected by a vulnerability that can cause denial of service attacks. Cisco supports H.323 in its IOS software with version 11.3T and later.

Other vendors that identified potential vulnerabilities were Nortel Networks Inc., Radvision Corp. and Tandberg. Avaya Inc., Lucent Technologies, Fujistu Ltd. and Hewlett-Packard Co. told the NISCC that they are investigating whether their products are vulnerable to the security flaw.

Among those reporting that their products are not vulnerable were Apple Computer Inc., CyberGuard Corp., eSoft Inc., Hitachi Ltd., the NetBSD Project, Objective Systems Inc., Red Hat Inc., Symantec Corp. and uniGone.

In the United States, the Computer Emergency Response Team Coordination Center also issued an advisory about the vulnerabilities in H.323 implementations. It noted that one possible workaround, along with vendor patches and upgrades, is to block ports 1720/tcp and 1720/udp on network parameters.

According to CERT, more than 50 vendors had not yet reported whether their products were vulnerable.

/zimages/2/28571.gif
Matthew Hicks
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information