|
|
 |
| New User, Welcome! Login |
Nortel Telephony Server Denial of Service
| From: |
daniel stirnimann csnc ch |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
Nortel Telephony Server Denial of Service |
| Date: |
Thu - Oct 18, 2007 05:02 AM |
#############################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#############################################################
#
# Product: Telephony Server
# Vendor: Nortel
# Subject: Telephony Server Denial of Service
# Risk: High
# Effect: Currently exploitable
# Author: Cyrill Brunschwiler (cyrill.brunschwiler (at) csnc (dot) ch
# Date: October, 18th 2007
#
#############################################################
Introduction:
-------------
A malicious user who can send a flood of packets to specific E-LAN ports on the Telephony Server is able to crash the telephony application. The server needs to be rebooted to resume normal operation.
Nortel has noted this as:
Title: Potential CS1000 DoS Vulnerability
Number: 2007008384
http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY
Vulnerable:
-----------
Communication Server 1000
and others.
See associated products on the Nortel advisory.
Vulnerability Management:
-------------------------
June 2007: Vulnerability found
June 2007: Nortel Security notified
October 2007: Nortel Advisory available
October 2007: Compass Security Information
Remediation:
------------
Follow the recommended actions for the affected systems, as identified in the Nortel Advisory.
Reference:
http://www.csnc.ch/static/advisory/secadvisorylist.html
|
|
|
Copyright © 1995-2013 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
