Date: 20 October 2008
References: ESB-2008.0816 ESB-2008.0828 ESB-2008.0879
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2008.0215 AUSCERT Advisory
[UNIX/Linux][Appliance]
Multiple vulnerabilities in Avaya products.
20 October 2008
- ---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product: Avaya Communication Manager
Avaya Intuity AUDIX LX
Avaya EMMC
Avaya Messaging Storage Server
Avaya Message Networking
Avaya SIP Enablement Services
Avaya Voice Portal
Avaya Meeting Exchange
Avaya Proactive Contact
Avaya AES
Avaya CVLAN
Avaya Integrated Management Suite (IMS)
Avaya Voice Portal
Operating System: UNIX variants (UNIX, Linux, OSX)
Network Appliance
Impact: Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2008-3652 CVE-2008-3651 CVE-2008-3281
CVE-2008-1372
Member content until: Monday, November 17 2008
Ref: ESB-2008.0828
ESB-2008.0879
ESB-2008.0816
OVERVIEW:
Avaya have released three advisories relating to vulnerabilities in
libxml2 [1], ipsec-tools [2], and bzip2 [3], and how they affect
their products.
IMPACT:
Exploitation of these vulnerabilities may result in a Denial of
Service (DoS).
MITIGATION:
Users of the affected products should restrict access to the
server until a patch is released.
Products that run on general purpose operating systems (ie those
that are 'software only') should upgrade the relevant package on
the underlying operating system.
REFERENCES:
[1] Avaya libxml2 Security Update
http://support.avaya.com/elmodocs2/security/ASA-2008-402.htm
[2] Avaya ipsec-tools Security Update
http://support.avaya.com/elmodocs2/security/ASA-2008-403.htm
[3] Avaya bzip2 Security Update
http://support.avaya.com/elmodocs2/security/ASA-2008-404.htm
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSPwLNCh9+71yA2DNAQIPWgP6A3e5820j2cLD30wRqy6xT1cwIeQrH18v
mwGWQ0CcgkWLGaXyxtjYQpT0lyWeAVwbgdHXGWfGl8UvsP765vqgzJ4ThdeCj+Bd
DE/LokfaAnkL2FsoUQSl3f/lP/SWXHRkElEGYHCT9fA8G8e2BmikQGgTgKtFAwk7
LtoE5awF+0E=
=HF1O
-----END PGP SIGNATURE-----
|