TUCoPS :: Phreaking General Information :: tb13044.htm

Nortel Telephony Server Denial of Service
Nortel Telephony Server Denial of Service
Nortel Telephony Server Denial of Service



#############################################################=0D
#=0D
# COMPASS SECURITY ADVISORY http://www.csnc.ch/=0D 
#=0D
#############################################################=0D
#=0D
# Product: Telephony Server=0D
# Vendor:  Nortel=0D
# Subject: Telephony Server Denial of Service=0D
# Risk:    High=0D
# Effect:  Currently exploitable=0D
# Author:  Cyrill Brunschwiler (cyrill.brunschwiler (at) csnc (dot) ch=0D
# Date:    October, 18th 2007=0D
#=0D
#############################################################=0D
=0D
Introduction:=0D
-------------=0D
A malicious user who can send a flood of packets to specific E-LAN ports on the Telephony Server is able to crash the telephony application. The server needs to be rebooted to resume normal operation.=0D
=0D
Nortel has noted this as:=0D
Title:  Potential CS1000 DoS Vulnerability=0D
Number: 2007008384=0D
http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY=0D 
=0D
=0D
Vulnerable:=0D
-----------=0D
Communication Server 1000=0D
and others.=0D
=0D
See associated products on the Nortel advisory.=0D
=0D
Vulnerability Management:=0D
-------------------------=0D
June 2007:    Vulnerability found=0D
June 2007:    Nortel Security notified=0D
October 2007: Nortel Advisory available=0D
October 2007: Compass Security Information=0D
=0D
Remediation:=0D
------------=0D
Follow the recommended actions for the affected systems, as identified in the Nortel Advisory.=0D
=0D
Reference:=0D
http://www.csnc.ch/static/advisory/secadvisorylist.html 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH