Nortel Products H.323 Protocol Implementation Vuln

Full Version: Nortel Products H.323 Protocol Implementation Vuln

GovernmentSecurity.org > The Archives > Exploit Articles

ni3_boom

Jan 19 2004, 05:26 PM

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
Nortel Succession Communication Server for Enterprise 1000
Nortel Business Communications Manager 3.x
Nortel Business Communications Manager 2.x

SOFTWARE:
Nortel IP Trunk and Internet Telephony Gateway 3.x
Nortel IP Trunk and Internet Telephony Gateway 2.x
Nortel IP Trunk and Internet Telephony Gateway 1.x

DESCRIPTION:
Nortel has confirmed that certain of their products have
vulnerabilities in their implementation of the H.323 protocol.

See links in "Other References" section for more information.

SOLUTION:
Business Communications Manager:
Further information is available in Nortel Product Advisory Alert PAA
2003-0392-Global.

Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless
IP Gateway:
Further information is available in Nortel Product Advisory Alert No.
PAA-2003-0465-Global.

Nortel customer support is also available for further information.

North America: 1-800-4NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907
9009

OTHER REFERENCES:
SA10610:
http://www.secunia.com/advisories/10610/

NISCC:
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

CERT advisory:
http://www.cert.org/advisories/CA-2004-01.html

----------------------------------------------------------------------

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.