The H.323 protocol, primarily used for video-conferencing and VoIP applications, has been consistently beaten down as a troublesome cluster of standards and protocols since its inception. Flaws in the implementation of these standards is now raising concerns that VoIP networks and users could be at risk of denial of service and buffer overflow attacks. -

Part of the reason video-conferencing hasn't grown into a mainstream application is thanks to H.323, a standard long-ago approved by the International Telecommunication Union (ITU) for audiovisual data transmission across networks. In reality it's really a hodge-podge of assorted standards and protocols, and frequently a nightmare for the security conscious.

Even when working properly, the protocol isn't particularly friendly, requiring 98 percent of the 65,000 odd ports through your firewall be open for it to work effectively. The standard is frequently used in everything from Cisco hardware to Microsoft Net-meeting.

This week finds H.323 under fire yet again; the U.K. National Infrastructure Security Co-Ordination Centre issuing a new warning that a vulnerability in the standard's implementation could allow attackers to launch buffer overflow and denial of service attacks against VoIP products. The NISCC warning lists which products are in jeopardy, with Cisco quick to issue their own advisory and workarounds.

All Cisco products that run the Cisco IOS software and support H.323 packet processing are potentially impacted by the flaw, as well as products by Nortel and Hewlett Packard (though HP is still investigating). Microsoft has indicated the company will release fixes for products utilizing H.323 during their "once-monthly" security patch release later this month.

Successful attacks could either completely crash or reboot unpatched hardware or applications, as well as triggering 100% consumption of a system's resources. The vulnerabilities in H.323 are thanks to assorted errors in the transfer of H.225.0 and Q.931 messages via TCP, which are exploitable by sending specially crafted messages to an affected system via port 1720/tcp.

For reference, check out this thread in our VoIP forum explaining why many of our users simply prefer dealing with SIP (Session Initiation Protocol) based communication.