quintum crashing from virus in H323 protocol???

Discussion in 'VOIP' started by mtupper, Jan 16, 2004.

  1. mtupper

    mtupper Guest

    I have been told that my quintum is failing because of a virus that
    has penetrated Quintum gateways and attacks(?) through ports 1718,
    1719, and 1720. As a result the gateway is having to be reset every
    time the traffic starts to pick up. Also, blocking those ports
    through the firewall doesn't seem to help. Has anyone experienced
    this lately or does this make sense? It happened to me this morning
    and has been a thorn in my side all day and I have a feeling a couple
    of more days to come.
     
    mtupper, Jan 16, 2004
    #1

  2. mtupper

    Me Guest

    See below

    "mtupper" <> wrote in message
    news:...
    > I have been told that my quintum is failing because of a virus that
    > has penetrated Quintum gateways and attacks(?) through ports 1718,
    > 1719, and 1720. As a result the gateway is having to be reset every
    > time the traffic starts to pick up. Also, blocking those ports
    > through the firewall doesn't seem to help. Has anyone experienced
    > this lately or does this make sense? It happened to me this morning
    > and has been a thorn in my side all day and I have a feeling a couple
    > of more days to come.


    CERT Advisory CA-2004-01 Multiple H.323 Message Vulnerabilities

    Original release date: January 13, 2004
    Last revised: --
    Source: CERT/CC, NISCC

    A complete revision history can be found at the end of this file.

    Systems Affected

    * Many software and hardware systems that implement the H.323
    protocol

    Examples include
    + Voice over Internet Protocol (VoIP) devices and software
    + Video conferencing equipment and software
    + Session Initiation Protocol (SIP) devices and software
    + Media Gateway Control Protocol (MGCP) devices and software
    + Other networking equipment that may process H.323 traffic
    (e.g., routers and firewalls)

    Overview

    A number of vulnerabilities have been discovered in various
    implementations of the multimedia telephony protocol H.323. Voice over
    Internet Protocol (VoIP) and video conferencing equipment and software
    can use these protocols to communicate over a variety of computer
    networks.

    I. Description

    The U.K. National Infrastructure Security Co-ordination Centre (NISCC)
    has reported multiple vulnerabilities in different vendor
    implementations of the multimedia telephony protocol H.323. H.323 is
    an international standard protocol, published by the International
    Telecommunications Union, used to facilitate communication among
    telephony and multimedia systems. Examples of such systems include
    VoIP, video-conferencing equipment, and network devices that manage
    H.323 traffic. A test suite developed by NISCC and the University of
    Oulu Security Programming Group (OUSPG) has exposed multiple
    vulnerabilities in a variety of implementations of the H.323 protocol
    (specifically its connection setup sub-protocol H.225.0).

    Information about individual vendor H.323 implementations is available
    in the Vendor Information section below, and in the Vendor Information
    section of NISCC Vulnerability Advisory 006489/H323.

    The U.K. National Infrastructure Security Co-ordination Centre is
    tracking these vulnerabilities as NISCC/006489/H.323. The CERT/CC is
    tracking this issue as VU#749342. This reference number corresponds to
    CVE candidate CAN-2003-0819, as referenced in Microsoft Security
    Bulletin MS04-001.

    II. Impact

    Exploitation of these vulnerabilities may result in the execution of
    arbitrary code or cause a denial of service, which in some cases may
    require a system reboot.

    III. Solution

    Apply a patch or upgrade

    Appendix A and the Systems Affected section of Vulnerability Note
    VU#749342 contain information provided by vendors for this advisory
    (<http://www.kb.cert.org/vuls/id/749342#systems>).

    However, as vendors report new information to the CERT/CC, we will
    only update VU#749342. If a particular vendor is not listed, we have
    not received their comments. Please contact your vendor directly.

    Filter network traffic

    Sites are encouraged to apply network packet filters to block access
    to the H.323 services at network borders. This can minimize the
    potential of denial-of-service attacks originating from outside the
    perimeter. The specific services that should be filtered include

    * 1720/TCP
    * 1720/UDP

    If access cannot be filtered at the network perimeter, the CERT/CC
    recommends limiting access to only those external hosts that require
    H.323 for normal operation. As a general rule, filtering all types of
    network traffic that are not required for normal operation is
    recommended.

    It is important to note that some firewalls process H.323 packets and
    may themselves be vulnerable to attack. As noted in some vendor
    recommendations like Cisco Security Advisory 20040113-h323 and
    Microsoft Security Bulletin MS04-001, certain sites may actually want
    to disable application layer inspection of H.323 network packets.

    Protecting your infrastructure against these vulnerabilities may
    require careful coordination among application, computer, network, and
    telephony administrators. You may have to make tradeoffs between
    security and functionality until vulnerable products can be updated.

    Appendix A. - Vendor Information

    This appendix contains information provided by vendors for this
    advisory. Please see the Systems Affected section of Vulnerability
    Note VU#749342 and the Vendor Information section of NISCC
    Vulnerability Advisory 006489/H323 for the latest information
    regarding the response of the vendor community to this issue.

    3Com

    No statement is currently available from the vendor regarding this
    vulnerability.

    Alcatel

    No statement is currently available from the vendor regarding this
    vulnerability.

    Apple Computer Inc.

    Apple: Not Vulnerable. Mac OS X and Mac OS X Server do not contain
    the issue described in this note.

    AT&T

    No statement is currently available from the vendor regarding this
    vulnerability.

    Avaya

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    Borderware

    No statement is currently available from the vendor regarding this
    vulnerability.

    Check Point

    No statement is currently available from the vendor regarding this
    vulnerability.

    BSDI

    No statement is currently available from the vendor regarding this
    vulnerability.

    Cisco Systems Inc.

    Please see
    http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml

    Clavister

    No statement is currently available from the vendor regarding this
    vulnerability.

    Computer Associates

    No statement is currently available from the vendor regarding this
    vulnerability.

    Cyberguard

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    Debian

    No statement is currently available from the vendor regarding this
    vulnerability.

    D-Link Systems

    No statement is currently available from the vendor regarding this
    vulnerability.

    Conectiva

    No statement is currently available from the vendor regarding this
    vulnerability.

    EMC Corporation

    No statement is currently available from the vendor regarding this
    vulnerability.

    Engarde

    No statement is currently available from the vendor regarding this
    vulnerability.

    eSoft

    We don't have an H.323 implementation and thus aren't affected by
    this.

    Extreme Networks

    No statement is currently available from the vendor regarding this
    vulnerability.

    F5 Networks

    No statement is currently available from the vendor regarding this
    vulnerability.

    Foundry Networks Inc.

    No statement is currently available from the vendor regarding this
    vulnerability.

    FreeBSD

    No statement is currently available from the vendor regarding this
    vulnerability.

    Fujitsu

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    Global Technology Associates

    No statement is currently available from the vendor regarding this
    vulnerability.

    Hitachi

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    Hewlett-Packard Company

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    Ingrian Networks

    No statement is currently available from the vendor regarding this
    vulnerability.

    Intel

    No statement is currently available from the vendor regarding this
    vulnerability.

    Intoto

    No statement is currently available from the vendor regarding this
    vulnerability.

    Juniper Networks

    No statement is currently available from the vendor regarding this
    vulnerability.

    Lachman

    No statement is currently available from the vendor regarding this
    vulnerability.

    Linksys

    No statement is currently available from the vendor regarding this
    vulnerability.

    Lotus Software

    No statement is currently available from the vendor regarding this
    vulnerability.

    Lucent Technologies

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    Microsoft Corporation

    Please see
    http://www.microsoft.com/technet/security/bulletin/MS04-001.asp

    MontaVista Software

    No statement is currently available from the vendor regarding this
    vulnerability.

    MandrakeSoft

    No statement is currently available from the vendor regarding this
    vulnerability.

    Multi-Tech Systems Inc.

    No statement is currently available from the vendor regarding this
    vulnerability.

    NEC Corporation

    No statement is currently available from the vendor regarding this
    vulnerability.

    NetBSD

    NetBSD does not ship any H.323 implementations as part of the
    Operating System.

    There are a number of third-party implementations available in the
    pkgsrc system. As these products are found to be vulnerable, or
    updated, the packages will be updated accordingly. The
    audit-packages mechanism can be used to check for known-vulnerable
    package versions.

    Netfilter

    No statement is currently available from the vendor regarding this
    vulnerability.

    NetScreen

    No statement is currently available from the vendor regarding this
    vulnerability.

    Network Appliance

    No statement is currently available from the vendor regarding this
    vulnerability.

    Nokia

    No statement is currently available from the vendor regarding this
    vulnerability.

    Nortel Networks

    The following Nortel Networks Generally Available products and
    solutions are potentially affected by the vulnerabilities
    identified in NISCC Vulnerability Advisory 006489/H323 and CERT
    VU#749342:

    Business Communications Manager (BCM) (all versions) is potentially
    affected; more information is available in Product Advisory Alert
    No. PAA 2003-0392-Global.

    Succession 1000 IP Trunk and IP Peer Networking, and 802.11
    Wireless IP Gateway are potentially affected; more information is
    available in Product Advisory Alert No. PAA-2003-0465-Global.

    For more information please contact

    North America: 1-800-4NORTEL or 1-800-466-7835
    Europe, Middle East and Africa: 00800 8008 9009,
    or +44 (0) 870 907 9009

    Contacts for other regions are available at

    http://www.nortelnetworks.com/help/contact/global/

    Or visit the eService portal at http://www.nortelnetworks.com/cs
    under Advanced Search.

    If you are a channel partner, more information can be found under

    http://www.nortelnetworks.com/pic

    under Advanced Search.

    Novell

    No statement is currently available from the vendor regarding this
    vulnerability.

    Objective Systems Inc.

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    OpenBSD

    No statement is currently available from the vendor regarding this
    vulnerability.

    Openwall GNU/*/Linux

    No statement is currently available from the vendor regarding this
    vulnerability.

    RadVision

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    Red Hat Inc.

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    Oracle Corporation

    No statement is currently available from the vendor regarding this
    vulnerability.

    Riverstone Networks

    No statement is currently available from the vendor regarding this
    vulnerability.

    Secure Computing Corporation

    No statement is currently available from the vendor regarding this
    vulnerability.

    SecureWorks

    No statement is currently available from the vendor regarding this
    vulnerability.

    Sequent

    No statement is currently available from the vendor regarding this
    vulnerability.

    Sony Corporation

    No statement is currently available from the vendor regarding this
    vulnerability.

    Stonesoft

    No statement is currently available from the vendor regarding this
    vulnerability.

    Sun Microsystems Inc.

    Sun SNMP does not provide support for H.323, so we are not
    vulnerable. And so far we have not found any bundled products that
    are affected by this vulnerability. We are also actively
    investigating our unbundled products to see if they are affected.
    Updates will be provided to this statement as they become
    available.

    SuSE Inc.

    No statement is currently available from the vendor regarding this
    vulnerability.

    Symantec Corporation

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    Unisys

    No statement is currently available from the vendor regarding this
    vulnerability.

    TandBerg

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    Tumbleweed Communications Corp.

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    TurboLinux

    No statement is currently available from the vendor regarding this
    vulnerability.

    uniGone

    Please see the NISCC Vulnerability Advisory 006489/H323 at
    http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

    WatchGuard

    No statement is currently available from the vendor regarding this
    vulnerability.

    Wirex

    No statement is currently available from the vendor regarding this
    vulnerability.

    Wind River Systems Inc.

    No statement is currently available from the vendor regarding this
    vulnerability.

    Xerox

    No statement is currently available from the vendor regarding this
    vulnerability.

    ZyXEL

    No statement is currently available from the vendor regarding this
    vulnerability.
    _________________________________________________________________

    The CERT Coordination Center thanks the NISCC Vulnerability Management
    Team and the University of Oulu Security Programming Group (OUSPG) for
    coordinating the discovery and release of the technical details of
    this issue.
    _________________________________________________________________

    Feedback may be directed to the authors: Jeffrey S. Havrilla, Mindi J.
    McDowell, Shawn V. Hernan and Jason A. Rafail
    ______________________________________________________________________

    This document is available from:
    http://www.cert.org/advisories/CA-2004-01.html
    ______________________________________________________________________

    CERT/CC Contact Information

    Email:
    Phone: +1 412-268-7090 (24-hour hotline)
    Fax: +1 412-268-6989
    Postal address:
    CERT Coordination Center
    Software Engineering Institute
    Carnegie Mellon University
    Pittsburgh PA 15213-3890
    U.S.A.

    CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
    EDT(GMT-4) Monday through Friday; they are on call for emergencies
    during other hours, on U.S. holidays, and on weekends.

    Using encryption

    We strongly urge you to encrypt sensitive information sent by email.
    Our public PGP key is available from
    http://www.cert.org/CERT_PGP.key

    If you prefer to use DES, please call the CERT hotline for more
    information.

    Getting security information

    CERT publications and other security information are available from
    our web site
    http://www.cert.org/

    To subscribe to the CERT mailing list for advisories and bulletins,
    send email to . Please include in the body of your
    message

    subscribe cert-advisory

    * "CERT" and "CERT Coordination Center" are registered in the U.S.
    Patent and Trademark Office.
    ______________________________________________________________________

    NO WARRANTY
    Any material furnished by Carnegie Mellon University and the Software
    Engineering Institute is furnished on an "as is" basis. Carnegie
    Mellon University makes no warranties of any kind, either expressed or
    implied as to any matter including, but not limited to, warranty of
    fitness for a particular purpose or merchantability, exclusivity or
    results obtained from use of the material. Carnegie Mellon University
    does not make any warranty of any kind with respect to freedom from
    patent, trademark, or copyright infringement.
    ______________________________________________________________________

    Conditions for use, disclaimers, and sponsorship information

    Copyright 2004 Carnegie Mellon University.

    Revision History
    January 13, 2004: Initial release
     
    Me, Jan 16, 2004
    #2
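
The border filtering recommended in the advisory quoted above, as an added example that is not part of the thread or of the CERT advisory: a Python check over border firewall log lines that flags permitted flows to 1720/TCP or 1720/UDP coming from external hosts that are not on an H.323 allow-list. The log format, the address ranges and all names in the code are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Services the advisory lists for filtering at the network border.
ADVISORY_SERVICES = {("tcp", 1720), ("udp", 1720)}

# Assumptions for this example (not taken from the advisory):
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]       # our side of the border
H323_PEERS = [ipaddress.ip_network("198.51.100.10/32")]    # external hosts that need H.323

# Constructed sample log. Assumed line format (IPv4 only):
#   <ACTION> <proto> <src_ip>:<sport> -> <dst_ip>:<dport>
SAMPLE_LOG = """\
ALLOW tcp 198.51.100.10:40112 -> 10.1.1.5:1720
ALLOW tcp 203.0.113.77:51514 -> 10.1.1.5:1720
DROP udp 203.0.113.77:1719 -> 10.1.1.5:1720
ALLOW udp 203.0.113.9:5060 -> 10.1.1.5:1720
ALLOW tcp 10.2.0.8:33000 -> 10.1.1.5:1720
ALLOW tcp 203.0.113.77:51600 -> 10.1.1.5:443
garbage line
"""


@dataclass(frozen=True)
class Flow:
    line_no: int
    action: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def parse_line(line_no, line):
    """Parse one log line into a Flow, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    action, proto, src, _, dst = parts
    try:
        src_ip, _sport = src.rsplit(":", 1)
        dst_ip, dport = dst.rsplit(":", 1)
        return Flow(line_no, action.upper(), proto.lower(),
                    ipaddress.IPv4Address(src_ip),
                    ipaddress.IPv4Address(dst_ip), int(dport))
    except ValueError:
        # Bad address, missing port or non-numeric port.
        return None


def in_any(addr, nets):
    return any(addr in net for net in nets)


def audit(log_text, services=ADVISORY_SERVICES,
          internal=INTERNAL_NETS, allowed_peers=H323_PEERS):
    """Return (findings, skipped).

    findings: permitted flows that cross the border inbound to one of
              `services` from a source that is neither internal nor an
              allow-listed H.323 peer.
    skipped:  number of non-empty lines that could not be parsed, so that
              a logging format change does not silently hide exposure.
    """
    findings, skipped = [], 0
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        flow = parse_line(line_no, line)
        if flow is None:
            skipped += 1
            continue
        if flow.action != "ALLOW":
            continue                      # already filtered
        if (flow.proto, flow.dport) not in services:
            continue                      # not an H.323 service in scope
        if not in_any(flow.dst, internal):
            continue                      # not inbound to our network
        if in_any(flow.src, internal):
            continue                      # internal traffic, not a border flow
        if in_any(flow.src, allowed_peers):
            continue                      # external host that requires H.323
        findings.append(flow)
    return findings, skipped


if __name__ == "__main__":
    found, skipped = audit(SAMPLE_LOG)
    for f in found:
        print(f"line {f.line_no}: {f.src} reached {f.dst} on {f.dport}/{f.proto}")
    print(f"{skipped} unparsed line(s)")
```

Passing a larger `services` set extends the same check to other ports, for example the 1718 and 1719 mentioned in the first post.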

  3. mtupper

    Neil Smith Guest

    Thanks for that posting mtupper, and for bringing it to our attention.
    Seems it also affects ISA server H323 forwarding, and presumably
    gnomemeeting, intel video phone and cuseeme H323 mode.

    I reposted it to the Netmeeting newsgroups.

    Cheers - Neil.

    On Fri, 16 Jan 2004 03:06:50 GMT, "Me" <> wrote:

    >See below
    >
    >TandBerg
    >
    > Please see the NISCC Vulnerability Advisory 006489/H323 at
    > http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
    >
    >Tumbleweed Communications Corp.
    >
    > Please see the NISCC Vulnerability Advisory 006489/H323 at
    > http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
    >
    >TurboLinux
    >
    > No statement is currently available from the vendor regarding this
    > vulnerability.
    >
    >uniGone
    >
    > Please see the NISCC Vulnerability Advisory 006489/H323 at
    > http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
    >
    >WatchGuard
    >
    > No statement is currently available from the vendor regarding this
    > vulnerability.
    >
    >Wirex
    >
    > No statement is currently available from the vendor regarding this
    > vulnerability.
    >
    >Wind River Systems Inc.
    >
    > No statement is currently available from the vendor regarding this
    > vulnerability.
    >
    >Xerox
    >
    > No statement is currently available from the vendor regarding this
    > vulnerability.
    >
    >ZyXEL
    >
    > No statement is currently available from the vendor regarding this
    > vulnerability.
    > _________________________________________________________________
    >
    > The CERT Coordination Center thanks the NISCC Vulnerability Management
    > Team and the University of Oulu Security Programming Group (OUSPG) for
    > coordinating the discovery and release of the technical details of
    > this issue.
    > _________________________________________________________________
    >
    > Feedback may be directed to the authors: Jeffrey S. Havrilla, Mindi J.
    > McDowell, Shawn V. Hernan and Jason A. Rafail
    > ______________________________________________________________________
    >
    > This document is available from:
    > http://www.cert.org/advisories/CA-2004-01.html
    > ______________________________________________________________________
    >
    >CERT/CC Contact Information
    >
    > Email:
    > Phone: +1 412-268-7090 (24-hour hotline)
    > Fax: +1 412-268-6989
    > Postal address:
    > CERT Coordination Center
    > Software Engineering Institute
    > Carnegie Mellon University
    > Pittsburgh PA 15213-3890
    > U.S.A.
    >
    > CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
    > EDT(GMT-4) Monday through Friday; they are on call for emergencies
    > during other hours, on U.S. holidays, and on weekends.
    >
    >Using encryption
    >
    > We strongly urge you to encrypt sensitive information sent by email.
    > Our public PGP key is available from
    > http://www.cert.org/CERT_PGP.key
    >
    > If you prefer to use DES, please call the CERT hotline for more
    > information.
    >
    >Getting security information
    >
    > CERT publications and other security information are available from
    > our web site
    > http://www.cert.org/
    >
    > To subscribe to the CERT mailing list for advisories and bulletins,
    > send email to . Please include in the body of your
    > message
    >
    > subscribe cert-advisory
    >
    > * "CERT" and "CERT Coordination Center" are registered in the U.S.
    > Patent and Trademark Office.
    > ______________________________________________________________________
    >
    > NO WARRANTY
    > Any material furnished by Carnegie Mellon University and the Software
    > Engineering Institute is furnished on an "as is" basis. Carnegie
    > Mellon University makes no warranties of any kind, either expressed or
    > implied as to any matter including, but not limited to, warranty of
    > fitness for a particular purpose or merchantability, exclusivity or
    > results obtained from use of the material. Carnegie Mellon University
    > does not make any warranty of any kind with respect to freedom from
    > patent, trademark, or copyright infringement.
    > ______________________________________________________________________
    >
    > Conditions for use, disclaimers, and sponsorship information
    >
    > Copyright 2004 Carnegie Mellon University.
    >
    > Revision History
    >January 13, 2004: Initial release
    >
    >


    ========================================================
    CaptionKit http://www.captionkit.com : Produce subtitled
    internet media, transcripts and searchable video. Supports
    Real Player, Quicktime and Windows Media Player.

    VideoChat with friends online, get Freshly Toasted every
    day at http://www.fresh-toast.net : NetMeeting solutions
    for a connected world.
     
    Neil Smith, Jan 16, 2004
    #3
  4. mtupper

    JP Guest

    mtupper wrote:

    > I have been told that my quintum is failing because of a virus that
    > has penetrated Quintum gateways and attacks(?) through ports 1718,
    > 1719, and 1720. As a result the gateway is having to be reset every
    > time the traffic starts to pick up. Also, blocking those ports
    > through the firewall doesn't seem to help. Has anyone experienced
    > this lately or does this make sense? It happened to me this morning
    > and has been a thorn in my side all day and I have a feeling a couple
    > of more days to come.


    I see there is a fix available at http://www.quintum.com/support/

    I hope this does the trick for you!
     
    JP, Jan 17, 2004
    #4
  6. mtupper

    mtupper Guest

    Thanks Me, Neil and JP... We downloaded the firmware upgrade from
    Quintum on Friday night and it seems to have resolved the issue. It
    scares the hell out of me though to see how vulnerable VoIP still is
    considering the amount of business I had depending on it that was
    basically out for 2 days... The same can't be said about a DMS switch
    with SS7 - no wonder all the old-schoolers are so reluctant to accept
    VoIP.

    JP <> wrote in message news:<>...
    > mtupper wrote:
    >
    > > I have been told that my quintum is failing because of a virus that
    > > has penetrated Quintum gateways and attacks(?) through ports 1718,
    > > 1719, and 1720. As a result the gateway is having to be reset every
    > > time the traffic starts to pick up. Also, blocking those ports
    > > through the firewall doesn't seem to help. Has anyone experienced
    > > this lately or does this make sense? It happened to me this morning
    > > and has been a thorn in my side all day and I have a feeling a couple
    > > of more days to come.

    >
    > I see there is a fix available at http://www.quintum.com/support/
    >
    > I hope this does the trick for you!
     
    mtupper, Jan 20, 2004
    #6