Security Vulnerability in SunForum Involving the H.323 Protocol

---

Impact

Unprivileged local or remote users may be able to kill the SunForum process due to its improper handling of H.323 traffic. This is a type of Denial of Service (DoS).

This issue is described in NISCC Vulnerability Advisory 006489/H323 (see: http://www.uniras.gov.uk/vuls/2004/006489/h323.htm) which is referenced in CERT Advisory CA-2004-01 (see: http://www.cert.org/advisories/CA-2004-01.html).

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

• SunForum 3.2 (for Solaris 2.6, 7, 8, and 9) or earlier without patch 111526-15
• SunForum 3D 1.0 (for Solaris 8 and 9)

Symptoms

Should the described issue occur, the affected "SunForum" process may die due to a segmentation violation ("SEGV" signal). A core file may be generated in the working directory which "SunForum" was started in.

Workaround

Until patches are available and can be applied, sites may wish to block access to the H.323 services from untrusted networks such as the Internet. Use a firewall or other packet-filtering technology to block the appropriate network ports:

• 1720/TCP
• 1720/UDP

Note: These are default ports only and may vary on a site-by-site basis. Consult your vendor or your firewall documentation for detailed instructions on how to configure the ports.

Resolution

This issue is addressed in the following releases:

• SunForum 3.2 (for Solaris 2.6, 7, 8, and 9) or earlier with patch 111526-15 or later

Note: SunForum 3D 1.0 will require an upgrade to SunForum 3.2 with patch 111526-15 to resolve this issue.

Modification History


Date: 16-JAN-2004

• Updated Impact, Symptoms and Relief/Workaround sections

Date: 15-JUN-2004

• Updated Impact and Relief/Workaround sections

Date: 12-NOV-2007

• State: Resolved
• Updated Resolution section

Attachments

This solution has no attachment