|
Avaya krb5 Two Vulnerabilities
|
|
Secunia Advisory:
|
SA14201
|
|
|
Release Date:
|
2005-02-10
|
|
Popularity:
|
5,103 views
|
|
|
Critical:
|
 Moderately critical
|
|
Impact:
|
Privilege escalation System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Unpatched
|
|
| OS: | Avaya Intuity LX Avaya MN100 Avaya Modular Messaging 2.x Avaya S8XXX Media Servers
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| CVE reference: | CVE-2004-0971 CVE-2004-1189
|
|
Description: Avaya has acknowledged some vulnerabilities in krb5, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and by malicious users to potentially compromise a vulnerable system.
For more information:
SA12967
SA13592
NOTE: Kerberos is not enabled per default.
The vulnerabilities affect:
* Avaya S8700/S8500/S8300 (CM2.0 and later)
* Avaya MN100 (All versions)
* Avaya Intuity LX (version 1.1 through 5.x)
* Avaya Modular Messaging MSS (All versions)
Solution: Grant only trusted users access to affected systems.
Do not run the Kerberos Key Distribution Center (KDC) server on affected systems.
Original Advisory: http://support.avaya.com/elmodocs2/security/ASA-2005-036_RHSA-2005-012.pdf
Other References: SA12967:
http://secunia.com/advisories/12967/
SA13592:
http://secunia.com/advisories/13592/
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|