Home page logo
/

bugtraq logo Bugtraq mailing list archives

Nortel Telephony Server Denial of Service
From: daniel.stirnimann () csnc ch
Date: 18 Oct 2007 12:31:02 -0000

#############################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#############################################################
#
# Product: Telephony Server
# Vendor:  Nortel
# Subject: Telephony Server Denial of Service
# Risk:    High
# Effect:  Currently exploitable
# Author:  Cyrill Brunschwiler (cyrill.brunschwiler (at) csnc (dot) ch
# Date:    October, 18th 2007
#
#############################################################

Introduction:
-------------
A malicious user who can send a flood of packets to specific E-LAN ports on the Telephony Server is able to crash the 
telephony application. The server needs to be rebooted to resume normal operation.

Nortel has noted this as:
Title:  Potential CS1000 DoS Vulnerability
Number: 2007008384
http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY


Vulnerable:
-----------
Communication Server 1000
and others.

See associated products on the Nortel advisory.

Vulnerability Management:
-------------------------
June 2007:    Vulnerability found
June 2007:    Nortel Security notified
October 2007: Nortel Advisory available
October 2007: Compass Security Information

Remediation:
------------
Follow the recommended actions for the affected systems, as identified in the Nortel Advisory.

Reference:
http://www.csnc.ch/static/advisory/secadvisorylist.html


  By Date           By Thread  

Current thread:
  • Nortel Telephony Server Denial of Service daniel . stirnimann (Oct 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]