Friday, April 11, 2008 10:02 AM
cmosby
Nortel Networks Communication Server Multiple Vulnerabilities - Advisories - Secunia
Nortel Networks Communication Server Multiple Vulnerabilities
Secunia Advisory:
SA29747
Release Date:
2008-04-11
Critical:
Moderately critical
Impact:
Security Bypass
DoS
System access
Where:
From local network
Solution Status:
Partial Fix
OS:
Nortel Communication Server 1000
Description:
Some security issues and vulnerabilities have been reported in Nortel Communication Server, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
1) An error in the handling of UNIStim IT sequence numbers can be exploited to spoof commands as a UNIStim client.
Successful exploitation requires that the correct sequence number is guessed or brute forced.
2) Sixteen hardcoded accounts and passwords may allow e.g. write access to an affected system.
3) Errors in the command exchange mechanism can be exploited to inject arbitrary commands.
Successful exploitation of this vulnerability allows to disclose certain information, gain access to an affected system, or to cause a DoS.
NOTE: An FTP session exhaustion and a disclosure of web application structures have also been reported. All issues are currently still under investigation by the vendor.
The security issues and vulnerabilities are reported in Nortel Communication Server 4.50.x. Other versions may also be affected.
Solution:
The vendor recommends to install patch MPLR24368 and use SMC2450 to enable signaling security, which fixes vulnerability #1, and to restrict network access to affected systems (see vendor advisory for more information).
Provided and/or discovered by:
VoIPshield
Original Advisory:
Nortel:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/14/023588-01.pdf
VoIPshield:
http://www.voipshield.com/component/o...wid,11/_cursor,5/_total,44/tableid,1/
http://www.voipshield.com/component/o...id,27/_cursor,15/_total,44/tableid,1/
http://www.voipshield.com/component/o...id,28/_cursor,16/_total,44/tableid,1/
http://www.voipshield.com/component/o...id,29/_cursor,17/_total,44/tableid,1/
http://www.voipshield.com/component/o...wid,14/_cursor,3/_total,44/tableid,1/
|