Nortel Networks, Inc. Information for VU#568148

Microsoft Windows RPC vulnerable to buffer overflow

Status

Affected

Vendor Statement

Nortel Networks Response to CERT Advisory CA-2003-16 - Buffer Overflow in Microsoft RPC

Nortel Networks supplies and supports both integrated and non-integrated solutions to its customers. We are taking this opportunity to complement CERT and Microsoft information with information specific to the potential impact of this vulnerability on Nortel Networks products and solutions. As well we indicate how Nortel Networks products can be used to help effect the mitigation procedures recommended both by CERT and Microsoft.

A limited number of Nortel Networks products and solutions are potentially affected by this issue, and the nature of these products and solutions tends to place them within a private network. Accordingly, if network perimeter protection is employed as recommended by both CERT and Microsoft (i.e. blocking access to TCP & UDP ports 135, 139, and 445) these products and solutions should not be vulnerable to attacks from the public Internet.

Nortel Networks would like to inform its customers and partners of efforts currently under way to respond to this issue:

  1. Embedded Operating Systems
  2. Some Nortel Networks products employ embedded Windows Operating Systems identified by Microsoft as vulnerable; Product Technical Bulletins and patches are being developed.

  3. Applications on Windows Operating Systems
  4. Some Nortel Networks applications reside on Windows Operating Systems identified by Microsoft as vulnerable; the corresponding Microsoft patches are being tested against the Nortel Networks applications to confirm that their functionality will not be impacted.

  5. Clients on Windows Operating Systems
  6. Some Nortel Networks clients reside on workstations supplied by others, with Windows Operating Systems identified by Microsoft as vulnerable; Nortel Networks recommends that customers follow the recommendations of CERT and Microsoft and apply the appropriate patches.

  7. Nortel Networks Routing Products to be used for Port Blocking
  8. Nortel Networks routing products are not vulnerable to this issue, but may be configured to protect customer networks by blocking access to TCP & UDP ports 135, 139, and 445 at the network edge, as recommended by CERT and Microsoft. Product-specific instructions for port blocking configuration are available for the following Nortel products:

    • Passport 6000
    • Shasta
    • Contivity
    • Alteon Switched Firewall
    • Passport 8600
    • BayRS

Nortel Networks Product Status

The following products, which in some way rely on a Microsoft operating system, have been reviewed or are under review. Other products may be added.

Not Vulnerable
  • Succession Multi-service Gateway 4000
  • Interactive Multimedia Server
  • Communication Server for Enterprise -- Multimedia Exchange
  • Multimedia PC Client
  • Optivity Telephony Manager
  • Optivity NetID
  • Optivity Policy Services
  • Optivity Switch Manager
  • Contivity Configuration Manager
Vulnerable
  • Symposium including TAPI ICM
  • CallPilot
  • Business Communications Manager
  • International Centrex-IP
  • Periphonics with OSCAR Speech Server
Under Review
  • Alteon Security Manager
  • Network Configuration Manager for BCM
  • Preside Site Manager
  • Preside System Manager Interface

If you have a Nortel Networks product which is not noted on the list above, we are currently reviewing our extended product families to identify if they use components of the Microsoft Operating System and will issue an updated list as soon as new information is available.

For more information please contact


North America: 1-800-4NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907
9009

Contacts for other regions are available at

<http://www.nortelnetworks.com/help/contact/global/>

Or visit the eService portal at <http://www.nortelnetworks.com/cs> under Advanced Search.

If you are a channel partner, more information can be found under <http://www.nortelnetworks.com/pic> under Advanced Search.

]

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.