Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Nortel Networks Information for VU#398025

Date Notified02/26/2003
Date Modified09/15/2003 09:58:12 AM
Status SummaryVulnerable

Vendor Statement

The following Nortel Networks Wireless products are potentially affected by the vulnerabilities identified in CERT Advisory CA-2003-07:

      SS7 IP Gateway. Nortel Networks recommends disabling Sendmail as it is not used.
      Wireless Preside OAM&P Main Server. Sendmail should not be disabled on these products.


The following Nortel Networks Enterprise Voice IVR products are potentially affected by the vulnerabilities identified in CERT Advisory CA-2003-07:
      MPS1000
      MPS500
      VPS
      CTX
All the above products deploy Sendmail; it should not be disabled on these products.

For all of the above products Nortel Networks recommends applying the latest Sun Microsystems patches in accordance with that vendor's recommendations. To avoid applying patches twice, please ensure that the Sun Microsystems patch applied also addresses the vulnerability identified in CERT Advisory CA-2003-12.

The following Nortel Networks Succession products are potentially affected by the vulnerability identified in CERT Advisory CA-2003-07:
      SSPFS-based CS2000 Management Tools
      GWC Element Manager and QoS Collector Application (QCA)
      SAM21 Element Manager
      Audio Provisioning Server (APS) and APS client GUI
      UAS Element Manager
      Succession Media Gateway 9000 Element Manager (Mid-Tier and Server)
      Network Patch Manager (NPM)
      Nodes Configuration, Trunk Configuration, Carrier Endpoint Configuration, Lines Configuration (Servord+), Trunk Maintenance Manager, Lines Maintenance Manager, Line Test Manager, V5.2 Configuration and Maintenance, PM Poller, EMS Proxy Services, and Common Application Launch Point
A product bulletin will be issued shortly.

Sendmail has been disabled in SN06 and therefore SN06 is not vulnerable. A patch for SN05 is currently under development that will disable Sendmail in SN05 so that it will not be affected by the vulnerability identified in CERT Advisory CA-2003-07. The availability date for the SN05 patch is still to be determined.

For more information please contact Nortel at:

US-CERT Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information