Vulnerability CVE-2004-0056 - CERT Civis.Net

Vulnerability Name:

CVE-2004-0056 (CCN-14173)

Assigned:

2004-01-13

Published:

2004-01-13

Updated:

2008-09-05

Summary:

Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2003-0819

Source: MITRE
Type: CNA
CVE-2004-0054

Source: MITRE
Type: CNA
CVE-2004-0056

Source: MITRE
Type: CNA
CVE-2004-0097

Source: MITRE
Type: CNA
CVE-2004-0498

Source: MITRE
Type: CNA
CVE-2004-2629

Source: MITRE
Type: CNA
CVE-2004-2758

Source: CCN
Type: RHSA-2004-047
pwlib security update

Source: CCN
Type: RHSA-2004-048
Updated PWLib packages fix protocol security issues

Source: CCN
Type: SA10611
Microsoft ISA Server 2000 H.323 Protocol Filter Vulnerability

Source: CCN
Type: SA10665
SunForum H.323 Protocol Implementation Vulnerabilities

Source: CCN
Type: SA11192
First Virtual Communications Products H.323 Implementation Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1008685
Cisco IOS Routers Can Be Crashed With Malformed H.323 Packets

Source: CCN
Type: SECTRACK ID: 1008687
Nortel Business Communications Manager H.323 Flaws Let Remote Users Deny Service

Source: CCN
Type: SECTRACK ID: 1008698
Microsoft Internet Security and Acceleration Server H.323 Buffer Overflow Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1008749
SunForum H.323 Processing Bug May Let Remote Users Execute Arbitrary Code

Source: CCN
Type: Sun Alert ID: 57476
SunForum is Vulnerable to Issues Described in CERT Advisory CA-2004-01 Multiple H.323 Message

Source: CCN
Type: Sun Alert ID: 101429 (formerly 57476)
Security Vulnerability in SunForum Involving the H.323 Protocol

Source: CCN
Type: CERT Advisory CA-2004-01
Multiple H.323 Message Vulnerabilities

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
CA-2004-01

Source: CCN
Type: CIAC Information Bulletin O-050
Cisco Vulnerabilities in H.323 Message Processing

Source: CCN
Type: Cisco Systems Inc. Security Advisory, 2004 January 13 UTC 1200
Vulnerabilities in H.323 Message Processing

Source: DEBIAN
Type: DSA-448
pwlib -- several vulnerabilities

Source: CCN
Type: University of Oulu Web site
PROTOS Test-Suite: c07-h2250v4

Source: CCN
Type: GLSA-200404-11
Multiple Vulnerabilities in pwlib

Source: CCN
Type: US-CERT VU#749342
Multiple vulnerabilities in H.323 implementations

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#749342

Source: BID
Type: UNKNOWN
9406

Source: CCN
Type: BID-9406
Multiple Vendor H.323 Protocol Implementation Vulnerabilities

Source: CCN
Type: BID-9408
Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1008687

Source: CCN
Type: NISCC Vulnerability Advisory 006489/H323
Vulnerability Issues in Implementations of the H.323 Protocol

Source: CCN
Type: NISCC Vulnerability Advisory 060525/H323
An Update to the Vulnerability Issues in Implementations of the H.323 Protocol

Source: MISC
Type: UNKNOWN
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm

Source: CCN
Type: Internet Security Systems Security Alert, January 13, 2004
Multiple Vendor H.323 Implementation Vulnerabilities

Source: XF
Type: UNKNOWN
C07h2250v4-attacktool-malformed-packets(14173)

Vulnerable Configuration:

Configuration 1:

cpe:/a:nortel:business_communications_manager:*:*:*:*:*:*:*:*

OR cpe:/h:nortel:802.11_wireless_ip_gateway:*:*:*:*:*:*:*:*

OR cpe:/h:nortel:succession_communication_server_1000:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1t:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1e:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1ez:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2x:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.0s:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.0t:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2t:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2:*:*:*:*:*:*:*

OR cpe:/h:cisco:ata-186:*:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/a:checkpoint:next_generation:*:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1ec:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2s:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:11.3t:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1aa:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1yj:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1xl:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1xm:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1yh:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1yi:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2bx:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2dd:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2dx:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2mc:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2mx:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2zj:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2zl:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2xq:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2xw:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:cisco:conference_connection:-:*:*:*:*:*:*:*

OR cpe:/h:cisco:internet_service_node:*:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.0xc:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.0xd:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.0xn:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.0xq:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.0xr:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.0xt:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1xw:*:*:*:*:*:*:*

OR cpe:/a:nortel:business_communications_manager:*:*:*:*:*:*:*:*

OR cpe:/a:sun:sunforum:3d_1.0:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2za:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1xg:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2yb:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.2xs:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1yb:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.0xg:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1xp:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1xt:*:*:*:*:*:*:*

OR cpe:/o:cisco:ios:12.1xc:*:*:*:*:*:*:*

OR cpe:/a:cisco:unified_callmanager:3.3:*:*:*:*:*:*:*

OR cpe:/a:sun:sunforum:-:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*

Denotes that component is vulnerable