|
 |
|
Nortel Networks Communication Server Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA29747
|
|
|
Release Date:
|
2008-04-11
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
DoS
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Partial Fix
|
|
| OS: | Nortel Communication Server 1000
|
|
|
|
|
|
|
Description:
Some security issues and vulnerabilities have been reported in Nortel Communication Server, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
1) An error in the handling of UNIStim IT sequence numbers can be exploited to spoof commands as a UNIStim client.
Successful exploitation requires that the correct sequence number is guessed or brute forced.
2) Sixteen hardcoded accounts and passwords may allow e.g. write access to an affected system.
3) Errors in the command exchange mechanism can be exploited to inject arbitrary commands.
Successful exploitation of this vulnerability allows to disclose certain information, gain access to an affected system, or to cause a DoS.
NOTE: An FTP session exhaustion and a disclosure of web application structures have also been reported. All issues are currently still under investigation by the vendor.
The security issues and vulnerabilities are reported in Nortel Communication Server 4.50.x. Other versions may also be affected.
Solution:
The vendor recommends to install patch MPLR24368 and use SMC2450 to enable signaling security, which fixes vulnerability #1, and to restrict network access to affected systems (see vendor advisory for more information).
Provided and/or discovered by:
VoIPshield
Original Advisory:
Nortel:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/14/023588-01.pdf
VoIPshield:
http://www.voipshield.com/component/o...wid,11/_cursor,5/_total,44/tableid,1/
http://www.voipshield.com/component/o...id,27/_cursor,15/_total,44/tableid,1/
http://www.voipshield.com/component/o...id,28/_cursor,16/_total,44/tableid,1/
http://www.voipshield.com/component/o...id,29/_cursor,17/_total,44/tableid,1/
http://www.voipshield.com/component/o...wid,14/_cursor,3/_total,44/tableid,1/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
7 Related Secunia Security Advisories
|
|
|
1. Nortel Communication Server Command Processing Denial of Service
|
|
2. Nortel CS1000 Denial of Service Vulnerability
|
|
3. Nortel Products Multiple Vulnerabilities
|
|
4. Nortel Meridian CS 1000 Unspecified Denial of Service Vulnerability
|
|
5. Nortel Communication Server OpenSSL Vulnerability
|
|
6. Nortel Communication Server FTP Service Denial of Service
|
|
7. Nortel Products H.323 Protocol Implementation Vulnerabilities
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
