Nortel Communication Server 1000 Lets Remote Users Execute Arbitrary Commands
|
|
SecurityTracker Alert ID: 1019849 |
|
SecurityTracker URL: http://securitytracker.com/id/1019849
|
|
CVE Reference:
CVE-2008-6578
(Links to External Site)
|
Updated: May 5 2009
|
Original Entry Date: Apr 15 2008
|
Impact:
Execution of arbitrary code via network, User access via network
|
Vendor Confirmed: Yes
|
Version(s): CS1000; version 4.50.x
|
Description:
A vulnerability was reported in Nortel Communication Server 1000. A remote user can execute arbitrary commands on the target system.
A remote user can exploit flaws in the command exchange mechanism to inject arbitrary commands. This allows the remote user to obtain information, gain access to the system, or cause denial of service conditions.
VoIPshield Systems reported this vulnerability.
The original advisory is available at:
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,29/_cursor,4/_total,5/tableid,1/
|
Impact:
A remote user can execute arbitrary commands on the target system.
|
Solution:
No solution was available at the time of this entry.
The vendor's advisory is available at:
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455
|
Vendor URL: support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455 (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 15 Apr 2008 01:41:27 -0400
Subject: Nortel Communication Server
|
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,29/_cursor,4/_total,5/tableid,1/
Command Injection
|
|
