Nortel Networks Information for VU#389665

Multiple vendors' SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization

Status

Affected

Vendor Statement

The following Nortel Networks products are being assessed to determine whether they are potentially affected by the vulnerabilities identified in CERT Advisory CA-2002-36: Shasta Broadband Service Node and Shasta Service Creation System.

Passport 8000 Series Software is potentially affected; this issue will be addressed in the next maintenance releases
3.3.2.0, for version 3.3, scheduled for availability January 24th, 2003.
3.2.4, for version 3.2, scheduled for availability in Mid March 2003 (target)
Releases before 3.2.1 are not affected.
A product bulletin will be issued shortly.

STORM is potentially affected; a product bulletin will be issued shortly and this issue will be addressed in the next Maintenance Release scheduled for availability in March, 2003.

Other Nortel Networks products implementing SSH are not affected by the vulnerabilities identified in CERT Advisory CA-2002-36.

For more information please contact Nortel at:

North America: 1-8004NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009
Contacts for other regions are available at <http://www.nortelnetworks.com/help/contact/global/>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.