Secunia

Community Login

Customer Login

Partner Login

Overview

Advisories

Research

Forums

Create Profile

Our Commitment

Database

Advisories by Product

Advisories by Vendor

Terminology

Report Vulnerability

Insecure Library Loading

Secunia Advisory SA15761

Nortel Networks Products ICMP Handling Vulnerabilities

Secunia Advisory

SA15761

Get alerted and manage the vulnerability life cycle

Release Date

2005-07-14

Popularity

9,683 views

Comments

0 comments

Criticality level

Less critical

Impact

DoS

Where

From remote

Authentication level

Available in Customer Area

Report reliability

Available in Customer Area

Solution Status

Vendor Workaround

Systems affected

Available in Customer Area

Approve distribution

Available in Customer Area

Operating System

Nortel Access Stack Node (ASN) Router

Nortel Advanced Remote Node (ARN) Router (formerly Passport)

Nortel Application Switches (formerly Alteon)

Nortel Backbone Concentrator Node (BCN) Router

Nortel Backbone Link Node (BLN) Router

Nortel Ethernet Routing Switch 5510 (formerly BayStack)

Nortel Ethernet Routing Switch 5520 (formerly BayStack)

Nortel Ethernet Routing Switch 8600 (formerly Passport)

Nortel Ethernet Switch 420-24T (formerly BayStack)

Nortel Ethernet Switch 425 (formerly BayStack)

Nortel Ethernet Switch 470 (formerly BayStack)

Nortel Multiprotocol Router 2430 (formerly Passport)

Nortel Multiprotocol Router 5430 (formerly Passport)

Nortel Multiservice Access Switch 4400 Series (formerly Passport)

Nortel Multiservice Switch 15000 (formerly Passport)

Nortel Multiservice Switch 20000 (formerly Passport)

Nortel Multiservice Switch 6400 (formerly Passport)

Nortel Multiservice Switch 7400 (formerly Passport)

Nortel Passport 1150 Routing Switch

Nortel Services Edge Router 5500 (formerly Shasta)

Nortel VPN Routers

Secunia CVSS Score

Available in Customer Area

CVE Reference(s)

CVE-2004-0790 CVSS available in Customer Area
CVE-2004-0791 CVSS available in Customer Area
CVE-2004-1060 CVSS available in Customer Area

Description

Nortel Networks has acknowledged some vulnerabilities in various products, which can be exploited by malicious people to cause various types of DoS (Denial of Service).

For more information:
SA14904

The following products are only partly affected:
* Application Switch is only affected on the management port.
* Ethernet Switch (BPS2000/460/470), Ethernet Switch (420/425/325), Ethernet Switch 380-24T, and Ethernet Routing Switch 5510/5520 are only affected by the ICMP Source Quench attack.
* Multiservice Switch (6000 Series, 7000 Series, 15000, and 20000) is at limited risk due to MD5 authentication in PCR 6.1 and improvements made to sequence number selection.
* Multiservice Access Switch 4400 is only affected by ICMP source quench attacks, but does not typically have high speed interfaces.
* Multiprotocol Router Family is not affected by the ICMP Source Quench attack.

Solution
Application Switch (Alteon Family):
Further details available in Customer Area

Original Advisory
Nortel Networks:
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?level=6&category=29&subcategory=1&subtype=&DocumentOID=326515

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Nortel Networks Products ICMP Handling Vulnerabilities

No posts yet

Secunia

Secunia Advisory SA15761

Nortel Networks Products ICMP Handling Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?