Original release date: January 13, 2004<br> Last revised: <a href="#revisions">April 05, 2004</a><br> Source: CERT/CC, NISCC<br> <p>A complete revision history can be found at the end of this file.</p> <a name="affected"></a> <h3>Systems Affected</h3> <ul> <li>Many software and hardware systems that implement the H.323 protocol <br>Examples include <ul> <li>Voice over Internet Protocol (VoIP) devices and software</li> <li>Video conferencing equipment and software</li> <li>Session Initiation Protocol (SIP) devices and software</li> <li>Media Gateway Control Protocol (MGCP) devices and software</li> <li>Other networking equipment that may process H.323 traffic (e.g., routers and firewalls)</li> </ul> </li> </ul> <a name="overview"></a> <h2>Overview</h2> <P> A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocol H.323. Voice over Internet Protocol (VoIP) and video conferencing equipment and software can use these protocols to communicate over a variety of computer networks. </p> <br> <a name="description"></a> <h2>I. Description</h2> <p> The U.K. National Infrastructure Security Co-ordination Centre (<a href="http://www.niscc.gov.uk/">NISCC</a>) has reported multiple vulnerabilities in different vendor implementations of the multimedia telephony protocol H.323. H.323 is an international standard protocol, published by the International Telecommunications Union, used to facilitate communication among telephony and multimedia systems. Examples of such systems include VoIP, video-conferencing equipment, and network devices that manage H.323 traffic. A test suite developed by NISCC and the University of Oulu Security Programming Group (<a href="http://www.ee.oulu.fi/research/ouspg/">OUSPG</a>) has exposed multiple vulnerabilities in a variety of implementations of the H.323 protocol (specifically its connection setup sub-protocol H.225.0). 
</p> <p> Information about individual vendor H.323 implementations is available in the <a href="#vendors">Vendor Information</a> section below, and in the Vendor Information section of <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">NISCC Vulnerability Advisory 006489/H323</a>. </p> <p> The U.K. National Infrastructure Security Co-ordination Centre is tracking these vulnerabilities as <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">NISCC/006489/H.323</a>. The CERT/CC is tracking this issue as <A HREF="http://www.kb.cert.org/vuls/id/749342">VU#749342</A>. This reference number corresponds to <A HREF="http://www.cve.mitre.org/">CVE</A> candidate <A HREF="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0819">CAN-2003-0819</A>, as referenced in Microsoft Security Bulletin <a href="http://www.microsoft.com/technet/security/bulletin/ms04-001.asp">MS04-001</a>. </p> <br> <a name="impact"></a> <h2>II. Impact</h2> <p> Exploitation of these vulnerabilities may result in the execution of arbitrary code or cause a denial of service, which in some cases may require a system reboot. </p> <br> <a name="solution"></a> <h2>III. Solution</h2> <h4>Apply a patch or upgrade</h4> <p> <a href="#vendors">Appendix A</a> and the <b>Systems Affected</b> section of Vulnerability Note <a href="http://www.kb.cert.org/vuls/id/749342#systems">VU#749342</a> contain information provided by vendors for this advisory. However, as vendors report new information to the CERT/CC, we will only update <a href="http://www.kb.cert.org/vuls/id/749342">VU#749342</a>. If a particular vendor is not listed, we have not received their comments. Please contact your vendor directly. </p> <h4>Filter network traffic</h4> <p> Sites are encouraged to apply network packet filters to block access to the H.323 services at network borders. This can minimize the potential of denial-of-service attacks originating from outside the perimeter. 
The specific services that should be filtered include <ul> <li>1720/TCP</li> <li>1720/UDP</li> </ul> Note these are default ports only and may vary on a site-by-site basis. </p> <p> If access cannot be filtered at the network perimeter, the CERT/CC recommends limiting access to only those external hosts that require H.323 for normal operation. As a general rule, filtering <b>all</b> types of network traffic that are not required for normal operation is recommended. </p> <p> It is important to note that some firewalls process H.323 packets and may themselves be vulnerable to attack. As noted in some vendor recommendations like <a href="http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml#process">Cisco Security Advisory 20040113-h323</a> and Microsoft Security Bulletin <a href="http://www.microsoft.com/technet/security/bulletin/ms04-001.asp">MS04-001</a>, certain sites may actually want to <i>disable</i> application layer inspection of H.323 network packets. </p> <p> Protecting your infrastructure against these vulnerabilities may require careful coordination among application, computer, network, and telephony administrators. You may have to make tradeoffs between security and functionality until vulnerable products can be updated. <a name="caveat">For example, blocking port 1720/udp on segments of a network may break certain functionality related to gateway discovery.</a> </p> <br> <a name="vendors"></a> <h2>Appendix A. - Vendor Information</h2> <p> This appendix contains information provided by vendors for this advisory. Please see the <b>Systems Affected</b> section of <a href="http://www.kb.cert.org/vuls/id/749342#systems">Vulnerability Note VU#749342</a> and the <b>Vendor Information</b> section of <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">NISCC Vulnerability Advisory 006489/H323</a> for the latest information regarding the response of the vendor community to this issue. 
</p> <!-- begin vendor --> <a name="3Com"> <h4>3Com</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Alcatel"> <h4>Alcatel</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Apple Computer Inc."> <h4>Apple Computer Inc.</h4> <p> <blockquote> Apple: Not Vulnerable. Mac OS X and Mac OS X Server do not contain the issue described in this note. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="AT&T"> <h4>AT&T</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Avaya"> <h4>Avaya</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Borderware"> <h4>Borderware</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Check Point"> <h4>Check Point</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="BSDI"> <h4>BSDI</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. 
</blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Cisco Systems Inc."> <h4>Cisco Systems Inc.</h4> <p> <blockquote> Please see <a href="http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml">http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Clavister"> <h4>Clavister</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Computer Associates"> <h4>Computer Associates</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Cyberguard"> <h4>Cyberguard</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Debian"> <h4>Debian</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="D-Link Systems"> <h4>D-Link Systems</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Conectiva"> <h4>Conectiva</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="EMC Corporation"> <h4>EMC Corporation</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. 
</blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Engarde"> <h4>Engarde</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="eSoft"> <h4>eSoft</h4> <p> <blockquote> We don't have an H.323 implementation and thus aren't affected by this. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Extreme Networks"> <h4>Extreme Networks</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="F5 Networks"> <h4>F5 Networks</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Foundry Networks Inc."> <h4>Foundry Networks Inc.</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="FreeBSD"> <h4>FreeBSD</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Fujitsu"> <h4>Fujitsu</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Global Technology Associates"> <h4>Global Technology Associates</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. 
</blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Hitachi"> <h4>Hitachi</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="hp"> <h4>Hewlett-Packard Company</h4> <p> <blockquote> <a href="http://www.kb.cert.org/vuls/id/JSHA-5V6HGC">Vulnerable</a> <BR><BR> Please also see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Ingrian Networks"> <h4>Ingrian Networks</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Intel"> <h4>Intel</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Intoto"> <h4>Intoto</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Juniper Networks"> <h4>Juniper Networks</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Lachman"> <h4>Lachman</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Linksys"> <h4>Linksys</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. 
</blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Lotus Software"> <h4>Lotus Software</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Lucent Technologies"> <h4>Lucent Technologies</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Microsoft Corporation"> <h4>Microsoft Corporation</h4> <p> <blockquote> Please see <a href="http://www.microsoft.com/technet/security/bulletin/MS04-001.asp">http://www.microsoft.com/technet/security/bulletin/MS04-001.asp</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="MontaVista Software"> <h4>MontaVista Software</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="MandrakeSoft"> <h4>MandrakeSoft</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Multi-Tech Systems Inc."> <h4>Multi-Tech Systems Inc.</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="NEC Corporation"> <h4>NEC Corporation</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="netbsd"> <h4>NetBSD</h4> <p> <blockquote> NetBSD does not ship any H.323 implementations as part of the Operating System.<br><br> There are a number of third-party implementations available in the pkgsrc system. 
As these products are found to be vulnerable, or updated, the packages will be updated accordingly. The audit-packages mechanism can be used to check for known-vulnerable package versions. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Netfilter"> <h4>Netfilter</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="NetScreen"> <h4>NetScreen</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Network Appliance"> <h4>Network Appliance</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Nokia"> <h4>Nokia</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Nortel Networks"> <h4>Nortel Networks</h4> <p> <blockquote> The following Nortel Networks Generally Available products and solutions are potentially affected by the vulnerabilities identified in NISCC Vulnerability Advisory 006489/H323 and CERT VU#749342: <br><br> Business Communications Manager (BCM) (all versions) is potentially affected; more information is available in Product Advisory Alert No. PAA 2003-0392-Global. <br><br> Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway are potentially affected; more information is available in Product Advisory Alert No. PAA-2003-0465-Global. 
<br><br> For more information please contact <br><br> North America: 1-800-4NORTEL or 1-800-466-7835 <br> Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009 <br><br> Contacts for other regions are available at<BR> <a href="http://www.nortelnetworks.com/help/contact/global/">http://www.nortelnetworks.com/help/contact/global/</a><br> <br> Or visit the eService portal at <a href="http://www.nortelnetworks.com/cs">http://www.nortelnetworks.com/cs</a><br> under <i>Advanced Search</i>. <br><br> If you are a channel partner, more information can be found under <a href="http://www.nortelnetworks.com/pic">http://www.nortelnetworks.com/pic</a><br> under <i>Advanced Search</i>. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Novell"> <h4>Novell</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Objective Systems Inc."> <h4>Objective Systems Inc.</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="OpenBSD"> <h4>OpenBSD</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Openwall GNU/*/Linux"> <h4>Openwall GNU/*/Linux</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. 
</blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="RadVision"> <h4>RadVision</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Red Hat Inc."> <h4>Red Hat Inc.</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Oracle Corporation"> <h4>Oracle Corporation</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Riverstone Networks"> <h4>Riverstone Networks</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Secure Computing Corporation"> <h4>Secure Computing Corporation</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="SecureWorks"> <h4>SecureWorks</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Sequent"> <h4>Sequent</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Sony Corporation"> <h4>Sony Corporation</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. 
</blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Stonesoft"> <h4>Stonesoft</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Sun Microsystems Inc."> <h4>Sun Microsystems Inc.</h4> <p> <blockquote> Sun SNMP does not provide support for H.323, so we are not vulnerable. And so far we have not found any bundled products that are affected by this vulnerability. We are also actively investigating our unbundled products to see if they are affected. Updates will be provided to this statement as they become available. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="SuSE Inc."> <h4>SuSE Inc.</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Symantec Corporation"> <h4>Symantec Corporation</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Unisys"> <h4>Unisys</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. 
</blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="TandBerg"> <h4>TandBerg</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Tumbleweed Communications Corp."> <h4>Tumbleweed Communications Corp.</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="TurboLinux"> <h4>TurboLinux</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="uniGone"> <h4>uniGone</h4> <p> <blockquote> Please see the NISCC Vulnerability Advisory 006489/H323 at <a href="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">http://www.uniras.gov.uk/vuls/2004/006489/h323.htm</a><br> </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="WatchGuard"> <h4>WatchGuard</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Wirex"> <h4>Wirex</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="Wind River Systems Inc."> <h4>Wind River Systems Inc.</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. 
</blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="xerox"> <h4>Xerox</h4> <p> <blockquote> <a href="http://www.kb.cert.org/vuls/id/JSHA-5V6J2R">Not Vulnerable</a> <br><br> A response to this vulnerability is available from our Security Information site: <a href="http://www.xerox.com/security">http://www.xerox.com/security</a>. </blockquote> </p> <!-- end vendor --> <!-- begin vendor --> <a name="ZyXEL"> <h4>ZyXEL</h4> <p> <blockquote> No statement is currently available from the vendor regarding this vulnerability. </blockquote> </p> <!-- end vendor --> <hr noshade> <p>The CERT Coordination Center thanks the <a href="http://www.niscc.gov.uk/">NISCC</a> Vulnerability Management Team and the University of Oulu Security Programming Group (<a href="http://www.ee.oulu.fi/research/ouspg/">OUSPG</a>) for coordinating the discovery and release of the technical details of this issue. </p> <hr noshade> <p>Feedback may be directed to the authors: <a href="mailto:cert@cert.org?subject=CA-2004-01%20Feedback%20VU%23749342">Jeffrey S. Havrilla, Mindi J. McDowell, Shawn V. Hernan and Jason A. Rafail</a> </p> <p>Copyright 2004 Carnegie Mellon University.</p> <a name="revisions"></a> <p>Revision History <tt><pre>
Jan 13, 2004: Initial release
Jan 15, 2004: Added <a href="#caveat">caveat</a> to filtering workaround
Jan 15, 2004: Updated <a href="#xerox">Xerox</a> statement
Apr 05, 2004: Updated <a href="#hp">HP</a> statement
</pre></tt> </p>