Cisco Systems 10200 Vulnerabilities in H.323 Message Processing, Authentication, Authorization and Accounting Support

2-11

Cisco BTS 10200 Softswitch Operations and Maintenance Guide, Release 6.0.x

OL-16000-07

Chapter 2 Managing BTS Users and Commands Using EMS

Solaris OS Security and BTShard Package

Vulnerabilities in H.323 Message Processing

During 2002 the University of Oulu Security Programming Group (OUSPG) discovered a number of

implementation-specific vulnerabilities in the Simple Network Management Protocol (SNMP).

Subsequent to this discovery, the National Infrastructure Security Coordination Centre (NISCC)

performed and commissioned further work on identifying implementation specific vulnerabilities in

related protocols that are critical to the United Kingdom Critical National Infrastructure. One of these

protocols is H.225, that is part of the H.323 family and is commonly implemented as a component of

multimedia applications such as Voice over IP (VoIP).

OUSPG produced a test suite for H.225 and employed it to validate their findings against a number of

products from different vendors. The test results have been confirmed by testing performed by NISCC

and the affected vendors contacted with the test results. These vendors' product lines cover a great deal

of the existing critical information infrastructure worldwide and have therefore been addressed as a

priority. However, the NISCC has subsequently contacted other vendors whose products employ H.323

and provided them with tools with which to test these implementations.

Authentication, Authorization and Accounting Support

These extensions represent modifications to the current scheme of user account management on the

system. It includes support for the following two protocols; these protocols are not required to be

mutually inclusive.

• Radius Protocol

• Lightweight Directory Access Protocol (LDAP)

Prior to Release 4.4, user account management for the BTS 10200 used the standard Solaris password

management facilities without the use of the Authentication Dial-In User Service Network Information

Service (NIS). All accounts are stored locally and referenced locally. This security feature begins

support for a complete AAA model for user account management. This model impacts several internal

subsystems of the BTS 10200 Element Management System (EMS) application. It also impacts the core

Node Show SERVICE [Required]

Must be one of the

following: FTP,

TELNET, ECHO,

DISCARD, PRINTER,

DAYTIME, CHARGEN,

SMTP, TIME, FINGER,

SUNRPC, EXEC,

NFS, LOCKD, X11,

DTSCP,

FONT-SERVICES,

HTTP.

Defines the service to display.

Node Show Node [Required] Defines the node to display for the state of the

service.

Table 2-3 Node Command for UNIX Services (continued)

Noun Verb Options Description