International Headquarters:
RADVISION Ltd. (Israel) Tel: (+972) 3 767 9393 Fax: (+972) 3 767 9550 SWsupport@radvision.com   |
|
H.323 Vulnerability Alert
RADVISION H.323 Toolkit Invulnerable to Security Flaw
RADVISION H.323 TOOLKIT PROVIDES FULL PROTECTION AGAINST RECENTLY ANNOUNCED VOICE AND VIDEO OVER IP VULNERABILITY
A report prepared by the U.K. National Infrastructure Security Co-ordination Center (NISCC) highlights a number of implementation-specific vulnerabilities in the H.323 Protocol which, if exploited, could allow an attacker to create a Denial of Service (DoS) condition.
- This vulnerability is not in the H.323 standard but in its implementation.
- However, everyone that we are aware of who offers H.323-based voice and video solutions implemented H.323 in a way that has this vulnerability.
- However, RADVISION addressed the DoS vulnerability problem in the latest version (V 4.2) of its H.323 developer toolkit, which was made generally available in Q4 2003.
- Therefore, voice and video over IP products that were developed based on this version are not vulnerable to the DoS attacks as described by NISCC in their recent report.
- IMPORTANT: this alert covers the RADVISION H.323 developer toolkit. All currently shipping products in RADVISION’s line of videoconferencing and multimedia communications solutions are invulnerable to this flaw.
- RADVISION has also been supplying patches to provide similar protection for the latest builds of versions 4.0 and 4.1 of its toolkit (note: our 4.0 toolkit has been on the market for over two years).
- Customers using RADVISION H.323 products v3 and earlier need to work with RADVISION customer support to resolve the specific problems they may have with their legacy products and this vulnerability.
- Whom to contact: RADVISION customers who are part of the RADVISION maintenance and support program should contact with RADVISION support engineers to receive the appropriate version for their products (patch for v4.0 and v4.1 or replace with current release of v4.2).