AA-2008.0211 -- [Win][Appliance] -- Vulnerabilities in multiple Avaya products

Date: 18 February 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AA-2008.0211                 AUSCERT Advisory
        [Win][Appliance] Vulnerabilities in multiple Avaya products
                             19 February 2009
- ---------------------------------------------------------------------------

                        AusCERT Advisory Summary
                        ------------------------

Product:              Avaya IP Softphone 6.01.85
                      Avaya One-X Desktop Edition 2.1.0.78
                      Avaya Communication Manager 3.1.x
                      Avaya Communication Manager 4.0.x
                      Avaya Communication Manager 5.0
                      Avaya Communication Manager CM3.1.x
                      Avaya Communication Manager CM4.0.3
                      Avaya Communication Manager CM5.x
Operating System:     Windows
                      Network Appliance
Impact:               Execute Arbitrary Code/Commands
                      Access Confidential Data
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-6141 CVE-2008-6140 CVE-2008-5710 CVE-2008-5709
Member content until: Tuesday, November 11 2008

Revision History:     February 19 2009: Added CVE References
                      December 30 2008: Added CVE References
                      October 14 2008:  Initial Release

OVERVIEW

        Avaya has released four (4) security bulletins correcting multiple
        vulnerabilities in multiple products. [1,2,3,4]

IMPACT

        Two of the vulnerabilities could allow a local or remote user to
        cause a Denial of Service. [1,2] These Denial of Service
        vulnerabilities relate to the "Avaya IP Softphone" and "Avaya One-X
        Desktop Edition" products.

        A third vulnerability could allow a remote attacker to execute
        arbitrary code using the Web Management Interface of Avaya
        Communication Manager 3.1.x, 4.0.x and 5.0. [3]

        The fourth vulnerability allows attackers to obtain information
        about various files on the system. This vulnerability relates to
        Avaya Communication Manager CM3.1.x, CM4.0.3 and CM5.x. [4]
MITIGATION

        Solutions for the first two and the fourth vulnerability are
        pending, and Avaya recommends restricting network access to the
        affected products in the meantime. [1,2,4]

        For the vulnerability in Avaya Communication Manager 3.1.x, 4.0.x
        and 5.0, Avaya recommends updating:

        - For CM 3.1.x upgrade to CM 3.1.4 SP2 or later.
        - For CM 4.0.x upgrade to CM 4.0.3 SP1 or later.
        - For CM 5.0 upgrade to CM 5.0 SP3 or later. [3]

REFERENCES

        [1] Avaya IP Softphone Denial of Service Vulnerability
            http://support.avaya.com/elmodocs2/security/ASA-2008-363.htm

        [2] Avaya One-X Desktop Edition Denial of Service
            http://support.avaya.com/elmodocs2/security/ASA-2008-370.htm

        [3] Input Validation Vulnerabilities in Avaya Communication Manager
            Web Interface (October 2008)
            http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm

        [4] Unauthenticated file access via CM web server
            http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm

        AusCERT has made every effort to ensure that the information
        contained in this document is accurate. However, the decision to
        use the information described is the responsibility of each user
        or organisation. The decision to follow or act on information or
        advice contained in this security bulletin is the responsibility
        of each user or organisation, and should be considered in
        accordance with your organisation's site policies and procedures.
        AusCERT takes no responsibility for consequences which may arise
        from following or acting on information or advice contained in
        this security bulletin.
        If you believe that your computer system has been compromised or
        attacked in any way, we encourage you to let us know by completing
        the secure National IT Incident Reporting Form at:
        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD4DBQFJnLfcNVH5XJJInbgRAlcwAJwMOzB3cZrbmdRlQYWn5nJ3QPOvOQCWJiXc
49TmlGt2nJ0WkhyNzGvWKw==
=Svje
-----END PGP SIGNATURE-----
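As an added illustration (not part of the AusCERT advisory or Avaya's bulletins), the Python check below compares inventoried Communication Manager versions against the fixed levels listed under MITIGATION for the Web Management Interface code-execution issue [3]; it assumes versions are recorded as major.minor[.patch] with an optional "SPn" suffix, and the host names and versions in the sample inventory are constructed. Branches the advisory does not list (for example 5.1) are reported as not covered rather than as patched, and the pending fixes in [1,2,4] are outside what a version check can establish.

```python
import re

# Fixed levels from the MITIGATION section, keyed by CM branch (major, minor):
# a branch is patched at (version tuple, service pack) or anything later.
FIXED_LEVELS = {
    (3, 1): ((3, 1, 4), 2),   # CM 3.1.x -> CM 3.1.4 SP2 or later
    (4, 0): ((4, 0, 3), 1),   # CM 4.0.x -> CM 4.0.3 SP1 or later
    (5, 0): ((5, 0, 0), 3),   # CM 5.0   -> CM 5.0 SP3 or later
}

# Assumed inventory format: optional "CM" prefix, major.minor[.patch], optional "SP<n>".
_VERSION_RE = re.compile(
    r"^\s*(?:CM\s*)?(\d+)\.(\d+)(?:\.(\d+))?(?:\s*SP\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_cm_version(text):
    """Split a CM version string into ((major, minor, patch), service_pack)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Communication Manager version: {text!r}")
    major, minor, patch, sp = m.groups()
    return (int(major), int(minor), int(patch or 0)), int(sp or 0)


def cm_status(text):
    """Return 'patched', 'vulnerable' or 'not-covered' for one CM version string.

    Only branches named in the advisory are judged; anything else needs a
    separate check against Avaya's current bulletins.
    """
    version, sp = parse_cm_version(text)
    fixed = FIXED_LEVELS.get(version[:2])
    if fixed is None:
        return "not-covered"
    # Tuple comparison orders by version first, then by service pack.
    return "patched" if (version, sp) >= fixed else "vulnerable"


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = {
    "pbx-a": "CM 3.1.4 SP2",
    "pbx-b": "4.0.3",
    "pbx-c": "5.0 SP2",
    "pbx-d": "CM5.1",
}


def triage(inventory):
    """Map each host to its status so vulnerable hosts can be scheduled for upgrade."""
    return {host: cm_status(version) for host, version in inventory.items()}
```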