Nortel Communication Server 1000 Firmware Update FTP Service Can Be Blocked By Remote Users
|
|
SecurityTracker Alert ID: 1019845 |
|
SecurityTracker URL: http://securitytracker.com/id/1019845
|
|
CVE Reference:
CVE-2008-6576
(Links to External Site)
|
Updated: May 5 2009
|
Original Entry Date: Apr 15 2008
|
Impact:
Denial of service via network
|
Vendor Confirmed: Yes
|
Version(s): CS1000; version 4.50.x
|
Description:
A vulnerability was reported in Nortel Communication Server 1000. A remote user can cause denial of service conditions.
A remote user can consume all available sessions on the FTP service used to provide firmware updates and configuration files, preventing the endpoints from retrieving firmware updates and configuration files.
VoIPshield Systems reported this vulnerability.
The original advisory is available at:
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,11/_cursor,1/_total,5/tableid,1/
|
Impact:
A remote user can prevent the endpoints from retrieving firmware updates and configuration files.
|
Solution:
No solution was available at the time of this entry.
The vendor's advisory is available at:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455
|
Vendor URL: support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455 (Links to External Site)
|
Cause:
Resource error, State error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 15 Apr 2008 01:22:28 -0400
Subject: Nortel Communication Server
|
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,11/_cursor,1/_total,5/tableid,1/
CS1000 FTP Session Limit Exhaustion
|
|
