Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Reproducible: Didn't try
The discovered security vulnerabilities (in several implementations of the multimedia telephony protocols H.323 and H.225, including pwlib) could be exploited remotely and will probably lead to a denial of service but may possibly allow execution of arbitrary code.
The original announcement of the NISCC, which discovered the vulnerabilities: http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
The developers' statement can be found here: http://www.postincrement.com/openh323/nissc_vulnerabilty.html
The CVE assigned CAN-2004-0097 to this issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0097
The solution would be to update pwlib to 1.6.0 or higher (1.6.5 is the current stable release, 1.6.3 the most current in portage, but the most current stable one in portage is 1.5.0).
Temporary workaround is to filter network traffic: port 1720/tcp and 1720/udp
There are already some advisories, e.g. from Debian and Red Hat:
http://www.linuxsecurity.com/advisories/redhat_advisory-4022.html
http://www.debian.org/security/2004/dsa-448.en.html
This should be fixed ASAP as this vulnerability has been public since 13th of January, a fix has been available since 18th January and several distributors sent advisories in February, so we are really late. :-(
stkn, can we go stable with pwlib-1.6.3?
I have a problem with pwlib-1.6.3-r1 (Arch: x86) in combination with openh323-1.13.2-r1 and openh323-1.12.2-r2. In both cases I get an error message when using simph323 to call someone:
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
ALSA lib pcm_hw.c:1055:(snd_pcm_hw_open) open /dev/snd/pcmC0D0c failed: Device or resource busy
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
ALSA lib pcm_hw.c:1055:(snd_pcm_hw_open) open /dev/snd/pcmC0D0c failed: Device or resource busy
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
ALSA lib pcm_hw.c:1055:(snd_pcm_hw_open) open /dev/snd/pcmC0D0c failed: Device or resource busy
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
ALSA lib pcm_hw.c:1055:(snd_pcm_hw_open) open /dev/snd/pcmC0D0c failed: Device or resource busy
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
In call with ISDN gateway [192.168.202.10]
Then the connection is established, but neither I nor the called person hears anything. Of course I checked permissions (they are OK) and whether some other process is using /dev/snd/pcmC0D0c; this is not the case. If I uninstall pwlib-1.6.3-r1 and reinstall pwlib-1.5.2-r2 (with openh323-1.12.2-r2) I have no problems and it works like before the update. So I believe the cause of this problem must be somewhere in pwlib, because everything works when downgrading to pwlib-1.5.2-r2 and keeping the same version of openh323 (openh323-1.12.2-r2).
looks like simph323 is trying to use full-duplex and your sound card doesn't support it, does gnomemeeting work for you?
I am not sure about that. I'm quite confident that the vt8235 has full duplex capabilities. In the past there was also no problem when the two people on the call were speaking and hearing at the same time. If the hardware/ALSA driver did not support full duplex this should not have been the case, as far as I understand it. And I'm not changing the openh323 version (or simph323 in the openh323 package), I only update/downgrade pwlib (with recompiling the same openh323 version) and have the problem with pwlib-1.6.3 and not with pwlib-1.5.2. I tried to find out what was changed but was quite unsuccessful because I really don't know pwlib. There were some changes in pwlib/plugins/sound_alsa/sound_alsa.cxx in the 3 months, but I don't know if they are significant. I am not using gnomemeeting, therefore it is not installed on my machine. But I will install and test it this evening after work and keep you informed about that.
back on topic here please stkn, we need to go stable on this.
@Dominik: this problem does not directly relate to this bug and should've been filed as a new bug.
I talked to stkn last night about this, we've decided to apply a patch against 1.5.2 (and then make it stable) for the security vulnerability rather than making pwlib 1.6.3 stable, as the one included with gnomemeeting-1.0 doesn't seem to be endorsed as stable by the openh323 people.
pwlib-1.5.2-r3 is in the tree, please do a little testing so i can mark it stable tomorrow (tuesday)
adding other herds.
AMD64 -- pwlib-1.5.2-r3 has amd64 specific stuff in it (if [ ${ARCH} = "amd64" ] ; then) but no amd64 keywords. plzfix when testing/marking stable.
pwlib-1.5.2-r3 is stable on ppc. Removing from Cc.
Stable, removing amd64 from CC
Stable on sparc.
Aida -- can you draft this GLSA?
GLSA 200404-11 sent.
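
Added example, not part of the original bug thread and not Portage's own code: a check that classifies a Gentoo-style pwlib version string against the two fix points named in this thread (upstream 1.6.0 and the patched pwlib-1.5.2-r3 ebuild). It handles only dotted numeric versions with an optional -rN revision, and it assumes that any later revision of 1.5.2 keeps the backported patch.

```python
import re

# Fix points taken from the thread: upstream fix in 1.6.0, backported
# patch in the Gentoo ebuild pwlib-1.5.2-r3.
UPSTREAM_FIXED = (1, 6, 0)
BACKPORT_BASE = (1, 5, 2)
BACKPORT_MIN_REVISION = 3  # assumption: revisions after -r3 keep the patch

_VERSION_RE = re.compile(r"^(?:pwlib-)?(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text):
    """Split 'pwlib-1.5.2-r3' or '1.6.3' into ((1, 5, 2), 3)."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        # Suffixes such as _rc1 or _p2 are deliberately not guessed at.
        raise ValueError(f"unsupported version string: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    revision = int(match.group(2) or 0)
    return numbers, revision


def _normalize(numbers):
    """Make 1.6 and 1.6.0.0 compare equal to 1.6.0."""
    numbers = list(numbers)
    while len(numbers) > 3 and numbers[-1] == 0:
        numbers.pop()
    return tuple(numbers) + (0,) * (3 - len(numbers))


def classify(text):
    """Return 'fixed-upstream', 'fixed-backport' or 'vulnerable'."""
    numbers, revision = parse_version(text)
    numbers = _normalize(numbers)
    if numbers >= UPSTREAM_FIXED:
        return "fixed-upstream"
    if numbers == BACKPORT_BASE and revision >= BACKPORT_MIN_REVISION:
        return "fixed-backport"
    # Everything else is "before 1.6.0" without the backported patch.
    return "vulnerable"


# Constructed sample input: version strings mentioned in the thread.
SAMPLES = ["pwlib-1.5.0", "pwlib-1.5.2-r2", "pwlib-1.5.2-r3",
           "pwlib-1.6.3-r1", "1.6.5"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:16} {classify(name)}")
```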