|
Avaya CMS / IR Sun Solaris Sendmail Denial of Service
|
|
|
|
|
Secunia Advisory:
|
SA21647
|
|
|
Release Date:
|
2006-08-30
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Workaround
|
|
| OS: | Avaya Call Management System (CMS)
|
| | Software: | Avaya Interactive Response 1.x
|
| | CVE reference: | CVE-2006-1173 (Secunia mirror)
|
|
|
|
|
|
Description:
Avaya has acknowledged a vulnerability in Avaya CMS and IR, which can be exploited by malicious people to cause a DoS (Denial of Service).
For more information:
SA20650
The following products are affected:
* IR (all versions)
* CMS v9, V11, R12, R13, R13.1
Solution:
Avaya IR:
Apply patch 122856-02 provided by Sun.
Avaya CMS:
As a workaround, the vendor suggests setting the "ForkEachJob" option and configuring sendmail to write statically named core files (see vendor advisory for details).
The patch from Sun will be available from Avaya Services after it has been tested by the vendor.
Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm
Other References:
SA20650:
http://secunia.com/advisories/20650/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
65 Related Secunia Security Advisories, displaying 10
|
|
|
1. Avaya CMS Solaris namefs Kernel Module Privilege Escalation
|
|
2. Avaya CMS Solaris "snoop" Multiple Vulnerabilities
|
|
3. Avaya CMS Solaris "picld" Denial of Service
|
|
4. Avaya CMS Sun Java JDK / JRE Same Origin Policy Bypass
|
|
5. Avaya CMS / IR Solaris X Server Extensions Multiple Vulnerabilities
|
|
6. Avaya CMS Solaris "inet_network()" Off-By-One Vulnerability
|
|
7. Avaya CMS Solaris crontab Privilege Escalation Vulnerability
|
|
8. Avaya CMS Solaris Print Service Unspecified Vulnerabilities
|
|
9. Avaya CMS Solaris SSH X11 Forwarding Vulnerability
|
|
10. Avaya CMS Solaris TCP Implementation SYN Flood Denial of Service
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
