Date: 18 Oct 2007 12:31:02 -0000
From: daniel.stirnimann@...c.ch
To: bugtraq@...urityfocus.com
Subject: Nortel Telephony Server Denial of Service

#############################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#############################################################
#
# Product: Telephony Server
# Vendor: Nortel
# Subject: Telephony Server Denial of Service
# Risk: High
# Effect: Currently exploitable
# Author: Cyrill Brunschwiler (cyrill.brunschwiler (at) csnc (dot) ch
# Date: October, 18th 2007
#
#############################################################

Introduction:
-------------
A malicious user who can send a flood of packets to specific E-LAN
ports on the Telephony Server is able to crash the telephony
application. The server needs to be rebooted to resume normal
operation.

Nortel has noted this as:
Title: Potential CS1000 DoS Vulnerability
Number: 2007008384
http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY

Vulnerable:
-----------
Communication Server 1000 and others. See associated products on the
Nortel advisory.

Vulnerability Management:
-------------------------
June 2007: Vulnerability found
June 2007: Nortel Security notified
October 2007: Nortel Advisory available
October 2007: Compass Security Information

Remediation:
------------
Follow the recommended actions for the affected systems, as
identified in the Nortel Advisory.

Reference:
http://www.csnc.ch/static/advisory/secadvisorylist.html