Nortel Networks Information for VU#398025
Remote Buffer Overflow in Sendmail
- Vendor Information Help Date Notified: 26 Feb 2003
- Statement Date:
- Date Updated: 22 Apr 2003
The following Nortel Networks Wireless products are potentially affected by the vulnerabilities identified in CERT Advisory CA-2003-07:
SS7 IP Gateway. Nortel Networks recommends disabling Sendmail as it is not used.
Wireless Preside OAM&P Main Server. Sendmail should not be disabled on these products.
The following Nortel Networks Enterprise Voice IVR products are potentially affected by the vulnerabilities identified in CERT Advisory CA-2003-07:
For all of the above products Nortel Networks recommends applying the latest Sun Microsystems patches in accordance with that vendor's recommendations. To avoid applying patches twice, please ensure that the Sun Microsystems patch applied also addresses the vulnerability identified in CERT Advisory CA-2003-12.
The following Nortel Networks Succession products are potentially affected by the vulnerability identified in CERT Advisory CA-2003-07:
- SSPFS-based CS2000 Management Tools
GWC Element Manager and QoS Collector Application (QCA)
SAM21 Element Manager
Audio Provisioning Server (APS) and APS client GUI
UAS Element Manager
Succession Media Gateway 9000 Element Manager (Mid-Tier and Server)
Network Patch Manager (NPM)
Nodes Configuration, Trunk Configuration, Carrier Endpoint Configuration, Lines Configuration (Servord+), Trunk Maintenance Manager, Lines Maintenance Manager, Line Test Manager, V5.2 Configuration and Maintenance, PM Poller, EMS Proxy Services, and Common Application Launch Point
Sendmail has been disabled in SN06 and therefore SN06 is not vulnerable. A patch for SN05 is currently under development that will disable Sendmail in SN05 so that it will not be affected by the vulnerability identified in CERT Advisory CA-2003-07. The availability date for the SN05 patch is still to be determined.
For more information please contact Nortel at:
- North America: 1-800-4NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009
Contacts for other regions are available at http://www.nortelnetworks.com/help/contact/global/
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.