Cisco IOS Routers Can Be Crashed With Malformed H.323 Packets
SecurityTracker Alert ID: 1008685
SecurityTracker URL: http://securitytracker.com/id/1008685
CVE Reference: CVE-2004-0054
Updated: Jul 6 2008
Original Entry Date: Jan 13 2004
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 11.3T, 12.0, 12.0S, 12.0T, 12.1, 12.1T, 12.1E, 12.2, 12.2S, 12.2T
Description:
Several vulnerabilities were reported in Cisco's IOS in the processing of H.323 messages. A remote user can cause the IOS-based device to crash and reboot.
Cisco reported that the University of Oulu Secure Programming Group (OUSPG) created a test suite for H.323, including the H.225.0 and Q.931 messages. The vulnerabilities in Cisco IOS were identified by the suite and are largely due to insufficient checking of H.225.0 messages, according to the report.
A remote user can cause denial of service conditions on the target system. The target system may crash and reboot.
Cisco IOS release 11.3T and later versions include H.323 support and may be affected if configured for various types of voice/multimedia application support. If the IOS device is configured 1) as an H.323 network element, 2) to perform Network Address Translation (NAT), or 3) to implement IOS Firewall (Context-Based Access Control [CBAC]), the device may be vulnerable.
Cisco reports that IOS systems that block H.323 traffic using an access list to prevent H.323 traffic from entering the router are protected.
Cisco IOS versions 11.1, 11.2, 11.3, and 12.3 are reportedly not vulnerable.
Cisco IOS versions 11.3T, 12.0, 12.0S, 12.0T, 12.1, 12.1T, 12.1E, 12.2, 12.2S, and 12.2T reportedly have vulnerabilities in the processing of H.323 Network Element traffic (e.g., H.323 Gateway, H.323 Gatekeeper, and H.323 Gatekeeper with Proxy).
Cisco IOS versions 12.1, 12.1E, 12.2, 12.2T, 12.2S, and 12.3T reportedly have vulnerabilities in the processing of H.323 IOS NAT traffic.
Cisco IOS versions 12.0, 12.1, 12.1E, 12.2, 12.2T, and 12.2S reportedly have vulnerabilities in the processing of H.323 IOS Firewall (CBAC) traffic.
Other non-IOS products are affected [Editor's note: We will address those products in a separate Alert].
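A triage sketch for the exposure conditions listed above, added here as an example and not code from SecurityTracker or Cisco. It maps an IOS version string to its release train, matches that train exactly against the three lists in this alert, and reports only the paths that also appear to be configured. The function names, the configuration-line patterns (heuristics) and the sample configuration are assumptions; the result cannot say whether a fixed release is installed, which requires the vendor's table.

```python
import re

# Release trains named in the alert above, per exposure path.
AFFECTED = {
    "network-element": {"11.3T", "12.0", "12.0S", "12.0T", "12.1", "12.1T",
                        "12.1E", "12.2", "12.2S", "12.2T"},
    "nat": {"12.1", "12.1E", "12.2", "12.2T", "12.2S", "12.3T"},
    "cbac": {"12.0", "12.1", "12.1E", "12.2", "12.2T", "12.2S"},
}
NOT_VULNERABLE = {"11.1", "11.2", "11.3", "12.3"}

# Assumed heuristics: config lines suggesting each path is enabled.
FEATURES = {
    "network-element": re.compile(r"^\s*(gateway|gatekeeper|dial-peer voice \d+ voip)\s*$", re.M),
    "nat": re.compile(r"^\s*ip nat (inside|outside)\b", re.M),
    "cbac": re.compile(r"^\s*ip inspect name \S+", re.M),
}

def ios_train(version):
    """'12.2(15)T5' -> '12.2T'; '12.3(5a)' -> '12.3'. None if unparseable."""
    m = re.match(r"^(\d+\.\d+)\(\d+[a-z]?\)([A-Z]*)", version.strip())
    return m.group(1) + m.group(2) if m else None

def triage(version, config):
    train = ios_train(version)
    if train is None:
        return {"train": None, "status": "unparsed", "paths": []}
    if train in NOT_VULNERABLE:
        return {"train": train, "status": "not-vulnerable-train", "paths": []}
    listed = [p for p, trains in AFFECTED.items() if train in trains]
    if not listed:
        # Train appears in neither list on this page: do not guess.
        return {"train": train, "status": "unlisted-train", "paths": []}
    paths = sorted(p for p in listed if FEATURES[p].search(config))
    status = "check-fixed-release" if paths else "feature-not-configured"
    return {"train": train, "status": status, "paths": paths}

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
interface FastEthernet0/0
 ip nat outside
 ip inspect FW out
ip inspect name FW h323
dial-peer voice 10 voip
"""

if __name__ == "__main__":
    for v in ("12.2(15)T5", "12.3(5a)", "12.3(4)T", "12.2(18)SXD"):
        print(v, triage(v, SAMPLE))
```

A `check-fixed-release` result means the device should be compared against the fixed-version table in the vendor advisory; `unlisted-train` means this alert says nothing either way about that train.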
Impact:
A remote user can cause the target device to crash and reboot.
Solution:
The vendor has released fixed versions. For a table showing the various fixed versions, see the vendor's advisory at:
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
Cisco notes that IOS systems that block H.323 traffic using an access list to prevent H.323 traffic from entering the router are protected.
Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
Cause:
Exception handling error, Input validation error
Underlying OS:
Message History:
None.
Source Message Contents
Date: Tue, 13 Jan 2004 08:45:35 -0500
Subject: http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
> Cisco Security Advisory: Vulnerabilities in H.323 Message Processing
>
> Document ID: 47843
Cisco reported that several Cisco products have vulnerabilities in the processing of H.323
messages. The University of Oulu H.323 protocol test suite was used to identify these flaws.
Cisco IOS release 11.3T and later versions include H.323 support and may be affected if
configured for various types of voice/multimedia application support. If the IOS device
is configured 1) as an H.323 network element, 2) to perform Network Address Translation
(NAT), or 3) to implement IOS Firewall (Context-Based Access Control [CBAC]), the device
may be vulnerable. To determine if your device is affected, see the detailed and specific
instructions in the advisory.
Other non-IOS products are affected (see below).
A remote user can cause denial of service conditions on the target system. The target
system may crash and reboot. On the Cisco CallManager, ISN, and CCC, Cisco reports that
the system will crash or will hang with processor utilization of 100% (preventing new
calls, possibly dropping existing calls, and requiring a reboot to return to normal
operations).
Cisco reports that IOS systems that block H.323 traffic using an access list to prevent
H.323 traffic from entering the router are protected.
Cisco notes that the University of Oulu Secure Programming Group (OUSPG) created a test
suite for H.323, including the H.225.0 and Q.931 messages. The vulnerabilities identified
by the suite are largely due to insufficient checking of H.225.0 messages, according to
the report.
Cisco IOS versions 11.1, 11.2, 11.3, and 12.3 are reportedly not vulnerable.
Cisco IOS versions 11.3T, 12.0, 12.0S, 12.0T, 12.1, 12.1T, 12.1E, 12.2, 12.2S, and 12.2T
reportedly have vulnerabilities in the processing of H.323 Network Element traffic (e.g.,
H.323 Gateway, H.323 Gatekeeper, and H.323 Gatekeeper with Proxy).
Cisco IOS versions 12.1, 12.1E, 12.2, 12.2T, 12.2S, and 12.3T reportedly have
vulnerabilities in the processing of H.323 IOS NAT traffic.
Cisco IOS versions 12.0, 12.1, 12.1E, 12.2, 12.2T, and 12.2S reportedly have
vulnerabilities in the processing of H.323 IOS Firewall (CBAC) traffic.
Vulnerabilities also exist in the following Cisco products:
* Cisco CallManager - Bug IDs CSCdx82831, CSCea46545, and CSCea55518. Only certain
configurations are affected (see the advisory).
The First Fixed Regular Releases are 3.1(4b)spD, 3.2(3), 3.3(2)spC, and 3.3(3)
* Cisco Conference Connection - all versions are vulnerable. Cisco does not plan to issue
software fixes. A workaround is provided in the advisory.
* Cisco Internet Service Node - all versions are vulnerable. Cisco does not plan to issue
software fixes. A workaround is provided in the advisory.
* Cisco 7905 Series IP Phone - Bug ID CSCec77152
Version 1.0(1) of the 7905 H.323 phone firmware load contains a fix. The version 1.0(1)
image names are cp790501001h323031212a.sbin for the signed image and
cp790501001h323031212a.zup for the unsigned image.
* Cisco ATA18x Series Analog Telephony Devices - Bug IDs CSCea46231 and CSCea48726.
Version 2.16.1 contains a fix.
* Cisco BTS 10200 Softswitch - BugID CSCea48755
Version 4.1 contains a fix.