CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Nortel Networks Information for VU#897604

Date Notified03/29/2003
Date Modified09/25/2003 01:16:40 AM
Status SummaryVulnerable

Vendor Statement

The following Nortel Networks Wireless products are potentially affected by the vulnerabilities identified in CERT Advisory CA-2003-12:
  • SS7 IP Gateway.
    Nortel Networks recommends disabling Sendmail as it is not used.
  • Wireless Preside OAM&P Main Server.
    Sendmail should not be disabled on these products.

The following Nortel Networks Enterprise Voice IVR products are potentially affected by the vulnerabilities identified in CERT Advisory CA-2003-12:
  • MPS1000
  • MPS500
  • VPS
  • CTX
All the above products deploy Sendmail; it should not be disabled on these products.

For all of the above products Nortel Networks recommends applying the latest Sun Microsystems patches in accordance with that vendor's recommendations. To avoid applying patches twice, please ensure that the Sun Microsystems patch applied also addresses the vulnerability identified in CERT Advisory CA-2003-07.

The following Nortel Networks Succession products are potentially affected by the vulnerability identified in CERT Advisory CA-2003-12:
  • SSPFS-based CS2000 Management Tools
  • GWC Element Manager and QoS Collector Application (QCA)
  • SAM21 Element Manager
  • Audio Provisioning Server (APS) and APS client GUI
  • UAS Element Manager
  • Succession Media Gateway 9000 Element Manager (Mid-Tier and Server)
  • Network Patch Manager (NPM)
  • Nodes Configuration, Trunk Configuration, Carrier Endpoint
  • Configuration, Lines Configuration (Servord+), Trunk Maintenance Manager, Lines Maintenance Manager, Line Test Manager, V5.2 Configuration and Maintenance, PM Poller, EMS Proxy Services, and Common Application Launch Point
A product bulletin will be issued shortly.

Sendmail has been disabled in SN06 and therefore SN06 is not vulnerable. A patch for SN05 is currently under development that will disable Sendmail in SN05 so that it will not be affected by the vulnerability identified in CERT Advisory CA-2003-12. The availability date for the SN05 patch is still to be determined.

For more information please contact Nortel at:
    North America: 1-800-4NORTEL or 1-800-466-7835
    Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009

Contacts for other regions are available at

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2012 Carnegie Mellon University