Serverisaserver

Qualys,Inc.
AllrightsReserved1QualysSecurityAdvisory\January13,2004H.
323ImplementationVulnerabilitiesonMultiplePlatformsADVISORYOVERVIEWJanuary13,2004–QualysVulnerabilityR&DLabtodayreleasednewvulnerabilitysignaturesintheQualysGuardWebServicetoprotectenterprisesagainstvulnerabilitiesinmultiplevendors'implementationsoftheH.
323multimediatelephonyprotocol.
CustomerscanimmediatelyaudittheirnetworksforthesevulnerabilitiesbyaccessingtheirQualysGuardsubscription.
VULNERABILITYDETAILSAvulnerabilitywasannouncedtodayintheimplementationoftheH.
323protocolinproductsfrommultiplevendors.
Anattackercanpotentiallyexploitthisvulnerabilitytoproduceresultsrangingfromadenialofservice(DoS)conditiontoremotecompromiseofthevulnerablesystem.
TheH.
323protocolisusedinnumeroustelephonyandmultimediaproductsinIPnetworks.
Itmaybeusedinhardwareproductssupportingmultimediaconferencingaswellasvariousoperatingsystems.
TheH.
225subcomponentoftheH.
323protocolwasfoundtohavemultiplevulnerabilitiesinvariousvendorimplementationsoftheprotocol.
H.
225ismostcommonlyusedasacomponentofVoiceoverIP(VoIP).
ThevulnerabilityaffectsVoIP,videoconferencing,andtelecommunicationsproductsfromanumberofvendors.
Amongthevendorsknowntobevulnerable:1.
MicrosoftISAServer2000(MS04-001)(CAN-2003-0819)isvulnerabletoabufferoverflowintheMicrosoftFirewallServicethatcouldallowaremoteattackertoexecutemaliciouscode.
ForadditionalinformationaboutaffectedMicrosoftplatformsandavailablepatches,pleasevisittheMicrosoftSecurityBulletinat:http://www.
microsoft.
com/technet/security/bulletin/ms04-001.
asp2.
CiscoIOSFirewallandmultiplenon-IOSproductsaresusceptibletoaDoSconditioncausedbyparsingmalformedH.
323packets.
ForadditionalinformationaboutQualys,Inc.
AllrightsReserved2affectedplatformsandavailablepatches,pleasevisittheCiscoAdvisoryat:http://www.
cisco.
com/warp/public/707/cisco-sa-20040113-h323.
shtmlUsersofotherH.
323-basedVoIP,videoconferencing,andtelecommunicationsequipmentshouldcontacttheirvendorsforinformationaboutpotentialvulnerabilitiesandavailabilityofupdates.
ForadditionalinformationconcerningtheH.
323protocolvulnerabilities,pleasevisittheCarnegieMellonCERTCoordinationCenterknowledgebaseat:http://www.
kb.
cert.
org/vuls/id/749342HOWTOPROTECTYOURNETWORKChecksfortheH.
323protocolvulnerabilityarealreadyavailableintheQualysGuardvulnerabilitymanagementplatform.
Adefaultscanwilldetecttheseissues.
InadditionQualysGuarduserscanperformaselectivescanforthesespecificvulnerabilitiesusingthefollowingchecks:"MicrosoftInternetSecurityandAccelerationServer2000H.
323FilterBufferOverflowVulnerability"(CAN-2003-0819)(MS04-001)oQualysID:90088oLimitthescantoTCPports139and445oWindowsloginrequired"MultipleVendorH.
323ProtocolImplementationVulnerabilities"oQualysID:38246oLimitthescantoTCPport1720oThissignaturegeneratesaPossibleThreatTECHNICALSUPPORTFormoreinformation,customerscancontactQualysTechnicalSupportdirectlyatsupport@qualys.
comor1-866-801-6161.
ABOUTQUALYSGUARDQualysGuardisanon-demandsecurityauditservicedeliveredoverthewebthatenablesorganizationstoeffectivelymanagetheirvulnerabilitiesandmaintaincontrolovertheirnetworksecuritywithcentralizedreports,verifiedremedies,andfullremediationworkflowcapabilitieswithtroubletickets.
QualysGuardprovidescomprehensivereportsonvulnerabilitiesincludingseveritylevels,timetofixestimatesandimpactonbusiness,plustrendanalysisonsecurityissues.
Bycontinuouslyandproactivelymonitoringallnetworkaccesspoints,QualysGuarddramaticallyreducessecuritymanagers'timeresearching,scanningandfixingnetworkexposuresandenablescompaniestoeliminatenetworkvulnerabilitiesbeforetheycanbeexploited.
AccessforQualysGuardcustomers:https://qualysguard.
qualys.
comFreetrialofQualysGuardservice:http://www.
qualys.
com/forms/maintrial.
html