http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY Nortel Security Advisory Bulletins en-us Nortel - 2006 Sat, 04 Jul 2009 03:12:34 GMT Sat, 04 Jul 2009 03:12:34 GMT http://www.nortel.com/images/template2005/footer/footer_globemark_grey.gif http://support.nortel.com http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=944212&poid= On June 9, 2009, Adobe released a quarterly security update for Reader / Acrobat which addresses 13 critical security flaws including heap overflow vulnerabilities, a stack overflow vulnerability, and a memory corruption flaw that could be exploited to execute arbitrary code. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Following is a brief description of some of the vulnerabilities addressed by APSB09-07: 1) A boundary error in the processing of Huffman encoded JBIG2 text region segments can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF document. The vulnerability is confirmed in version 9.1.0. Other versions may also be affected. 2) A boundary error exists in the processing of U3D model files contained in PDF documents. This can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code via a specially crafted extension block included in an U3D model file. 3) An integer overflow error exists when processing "FlateDecode" filter parameters. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 4) An error when processing TrueType fonts contained in PDF documents can be exploited to corrupt memory and potentially execute arbitrary code. 5) An error in the processing of JBIG2 data can be exploited to corrupt memory and potentially execute arbitrary code. 6) Another unspecified error can be exploited to corrupt memory and potentially execute arbitrary code. 7) Multiple errors in the JBIG2 filter can be exploited to cause heap-based buffer overflows and potentially execute arbitrary code. 8) An error in the JBIG2 filter can be exploited to cause a heap-based buffer overflow and poten http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=944212&poid= Thu, 02 Jul 2009 14:47:14 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=935892&poid= Sun Microsystems has recently released the following alerts - 1) Sun Alert 245806 - Buffer Overflow in Solaris sadmind(1M) Daemon A buffer overflow security vulnerability in the Solaris sadmind(1M) daemon may allow a local or remote unprivileged user to execute arbitrary code with root privileges. This issue affects the Solaris 8 and Solaris 9 OS's. 2) Sun Alert 259468 - Multiple Vulnerabilities in the Solaris 8 and 9 sadmind(1M) Daemon On Solaris 8 and 9 heap and integer overflow vulnerabilities in the Solaris sadmind(1M) daemon may allow a local or remote unprivileged user to execute arbitrary code with root privileges. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. The Sun Alerts are available at - Sun Alert 245806: http://sunsolve.sun.com/search/document.do?assetkey=1-66-245806-1 Sun Alert 259468: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259468-1 This bulletin addresses the following 3 CVEs: 1) CVE-2008-4556 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4556) Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request. 2) CVE-2008-3869 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3869) Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. 3) CVE-2008-3870 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3870) Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. Before taking any action please ensure http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=935892&poid= Thu, 18 Jun 2009 19:08:55 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=935712&poid= Microsoft Security Updates are updates for the Microsoft Windows operating system and/or other Microsoft applications. This document lists the Security Updates tested with and supported by Nortel CS 1000 Telephony Manager. Please note that Nortel does not distribute or install any Microsoft Security Updates as part of the Telephony Manager (formerly known as Optivity Telephony Manager) product. Following are the software affected releases: . Nortel Communication Server 1000 Telephony Manager (TM) 3.2 (with Service Update 2) . Nortel Communication Server 1000 Telephony Manager (TM) 3.1 (with Service Updates 1, 2, 3. and 4) . Nortel Communication Server 1000 Telephony Manager (TM) 3.0 (with Service Updates 1, 2, 3, 4, and 5) . Optivity Telephony Manager 2.20.78 (with Service Updates 3, 4, and 5) Nortel will endeavor to review all the released Critical Microsoft Security Updates with its applicability for all current and sustained Telephony Manager releases within two business days, immediately after Microsoft has made the public notification. Subsequently, the results of the review are published as a bulletin for that particular Security Update on the Nortel Technical Support website. Applicability of non-critical security updates (Important, Moderate and Low) are published only if they are deemed to have compatibility issues with Telephony Manager. Nortel will update Appendix A of this document with the review & recommendations and make the document available on the Nortel Technical Support Web site on a recurring basis. It is the customer's responsibility to obtain and install all applicable Microsoft Security Updates as recommended and described in this document. For more information please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortel.com/pic Before taking a http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=935712&poid= Thu, 18 Jun 2009 18:58:09 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=932813&poid= The Nortel Contact Center Manager Administration Server web application relies on client side cookies to check the roles of authenticated users. Authentication can be bypassed by manually setting the required cookies. By exploiting this vulnerability, an attacker can bypass authentication and access the Nortel Contact Center Manager Administration web administration. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/security advisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/security advisories Nortel Partner Information Center (PIC) web site: http://www.nortelnetworks.com/pic http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=932813&poid= Fri, 12 Jun 2009 21:47:21 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=932812&poid= The Nortel Contact Center Manager Server web application provides a SOAP interface. This interface does not need authorisation and responds to certain requests with sensitive information. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=932812&poid= Fri, 12 Jun 2009 21:39:30 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=932811&poid= On Tuesday, June 9th, Microsoft released MS09-019 - Cumulative Security Update for Internet Explorer (969897). This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles scripts and cached content and initializes memory. Some Nortel products contain this Microsoft software as a component and thus are potentially affected by the vulnerabilities. This bulletin contains a consolidated, multi-product response to the Microsoft update. MS09-019 addresses the following CVEs: 1) Race Condition Cross-Domain Information Disclosure Vulnerability - CVE-2007-3091 An information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to the content in another browser window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view data from a Web page in another Internet Explorer domain. 2) Cross-Domain Information Disclosure Vulnerability - CVE-2009-1140 An information disclosure vulnerability exists in the way that Internet Explorer caches data and incorrectly allows the cached content to be called, potentially bypassing Internet Explorer domain restriction. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view content from the local computer or another browser window in another domain or Internet Explorer zone. 3) DHTML Object Memory http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=932811&poid= Fri, 12 Jun 2009 21:00:47 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=932810&poid= On Tuesday, June 9th, Microsoft released MS09-022 - Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501). This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. The update addresses the vulnerabilities by changing the way the print spooler parses certain printing data structures, limiting the location where separator pages or embedded files can be read by the Windows Printing Service, and restricting the paths from which the print spooler can load a DLL. Some Nortel products contain this Microsoft software as a component and thus are potentially affected by the vulnerabilities. This bulletin contains a consolidated, multi-product response to the Microsoft update. MS09-022 addresses the following CVEs: 1) Buffer Overflow in Print Spooler Vulnerability - CVE-2009-0228 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0228 A remote code execution vulnerability exists in the Windows Print Spooler that could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. 2) Print Spooler Read File Vulnerability - CVE-2009-0229 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0229 A local, authenticated information disclosure vulnerability exists in the Windows Printing Service that could allow a user to read or print any file on the system. This action can be taken even if the user does not have administrative access. However, the vulnerability could not be exploited re http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=932810&poid= Fri, 12 Jun 2009 21:00:29 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=931975&poid= On Tuesday, June 9th, Microsoft released MS09-018 - Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055). This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The more severe vulnerability could allow remote code execution. Some Nortel products contain this Microsoft software as a component and thus are potentially affected by the vulnerabilities. This bulletin contains a consolidated, multi-product response to the Microsoft update. MS09-018 addresses the following CVEs: 1) Active Directory Invalid Free Vulnerability - CVE-2009-1138 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1138 A remote code execution vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability is due to incorrect freeing of memory when processing specially crafted LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system. 2) Active Directory Memory Leak Vulnerability - CVE-2009-1139 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1139 A denial of service vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003. The vulnerability also exists in implementations of Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The vulnerability is due to improper memory management during execution of certain types of LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could cause the affected server to stop responding. Microsoft Ratings for MS09-018: Maximum Severity Rating - Critical Impact of Vulnerability - Remote Code Execution Exploitability Index - 1 - Cons http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=931975&poid= Fri, 12 Jun 2009 20:58:05 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=926953&poid= A critical vulnerability has been identified in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions. This vulnerability (CVE-2009-1492) would cause the application to crash and could potentially allow an attacker to take control of the affected system. A second vulnerability has also been reported that appears to affect Adobe Reader for UNIX only (CVE-2009-1493). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. This bulletin addresses the following common vulnerability identifier: 1) CVE-2009-1492 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1492) The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments. 2) CVE-2009-1493 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1493) The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 8.1.4 and 9.1 on Linux allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=926953&poid= Wed, 03 Jun 2009 22:12:12 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=909495&poid= Sun Microsystems has recently released Sun Alert 256408 - Solaris 10 - Vulnerabilities in Firefox May Allow Execution of Arbitrary Code. Multiple security vulnerabilities in firefox(1) versions prior to 2.0.0.19 shipped with Solaris 10 may allow an unprivileged remote user to execute arbitrary code on the system where firefox(1) is being run, gain unauthorized access to sensitive data, perform Cross-Site Scripting (XSS) attacks to bypass access controls, read or modify data in other web sites, or inject code into web pages to obtain sensitive data from the user or information stored in cookies. Certain vulnerabilities may also allow a user to crash the firefox(1) application which is a type of Denial of Service (DoS). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert 256408 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-256408-1 This bulletin addresses the following CVEs. Descriptions are available at cve.mitre.org: CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811, CVE-2008-2785, CVE-2008-2933, CVE-2008-2934, CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4070, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-0017, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024, CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5503, CVE-2008-5504, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=909495&poid= Fri, 15 May 2009 21:42:01 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=909609&poid= Sun Microsystems has recently released Sun Alert 249366 - Solaris 10 - Multiple Security Vulnerabilities in the Adobe Reader. This provides a Solaris 10 patch for the following issue - Multiple security vulnerabilities in the Adobe Reader may allow remote unprivileged users to execute arbitrary code with the permissions of the local user or create a Denial of Service (DoS) condition. In addition, Adobe Reader, when used as a browser plugin, may give remote users the ability to execute arbitrary code within the browser with the permissions of the local user. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert 249366 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249366-1 This bulletin addresses the following CVEs (CVSS severity in parenthesis). CVE-2008-2992 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992 (9.3) Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. CVE-2008-2549 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549 (4.3) Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf. CVE-2008-4812 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812 (9.3) Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=909609&poid= Fri, 15 May 2009 21:40:36 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=905600&poid= A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass. This vulnerability allows attackers to read and modify any SNMP object that can be accessed by the impersonated user. Attackers exploiting this vulnerability can view and modify the configuration of these devices. This bulletin addresses the following potential vulnerability: United States Computer Emergency Readiness Team Vulnerability Note VU#878044 <http://www.kb.cert.org/vuls/id/878044> US-CERT National Cyber Alert System Technical Cyber Security Alert TA08-162A <http://www.us-cert.gov/cas/techalerts/TA08-162A.html> Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=905600&poid= Thu, 14 May 2009 15:32:59 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=900985&poid= Sun Microsystems has recently released Sun Alert 254909 - Multiple Security Vulnerabilities in the Adobe Flash Player for Solaris 10 (Adobe Security Bulletin APSB09-01). Multiple security vulnerabilities in Adobe Flash Player distributed with Solaris may allow a remote unprivileged user to execute arbitrary commands with the privileges of a local user on the system, or cause the web browser to crash if a malicious Shockwave Flash (SWF) file is loaded with the affected plugin. Being able to crash a web browser is a type of Denial of Service (DoS). In addition, a 'clickjacking' vulnerability in the Adobe Flash Player Settings Manager may allow a remote user to obtain sensitive information or execute arbitrary code on the system if a local user clicks on misleading Adobe Flash Player dialogues. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert 254909 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1 This bulletin addresses the following CVEs: 1) CVE-2009-0519 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0519) Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. 2) CVE-2009-0520 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0520) Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue." 3) CVE-2009-0114 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0114) Unspecified vulnerability in the Settin http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=900985&poid= Mon, 11 May 2009 21:14:54 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=876024&poid= Sun Microsystems has recently released the following 7 Sun Alerts: 1) Sun Alert ID: 254569 Title: Security Vulnerabilities in the Java Runtime Environment (JRE) LDAP Implementation may Allow a Denial of Service (DoS) and Malicious Code to be Executed. URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1 2) Sun Alert ID: 254570 Title: Integer and Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) "unpack200" JAR Unpacking Utility May Lead to Escalation of Privileges URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254570-1 3) Sun Alert ID: 254571 Title: Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) with Processing Image Files and Fonts may Allow Privileges to be Escalated. URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254571-1 4) Sun Alert ID: 254608 Title: Security Vulnerabilities in the Java Runtime Environment (JRE) With Storing and Processing Font Files May Allow Denial of Service (DOS). URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254608-1 5) Sun Alert ID: 254609 Title: A Security Vulnerability in the Java Runtime Environment (JRE) HTTP Server Implementation May Allow a Denial of Service (DoS) Condition on a JAX-WS Service Endpoint. URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254609-1 6) Sun Alert ID: 254610 Title: A Security Vulnerability in the Java Runtime Environment (JRE) Virtual Machine With Code Generation May Allow Escalation of Privileges. URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1 7) Sun Alert ID: 254611 Title: Multiple Security Vulnerabilities in Java Plug-in May Allow Privileges to be Escalated URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1 Some Nortel products contain this software as components and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potential http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=876024&poid= Wed, 22 Apr 2009 20:31:33 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=871138&poid= On Tuesday, April 14th, Microsoft released security update MS09-014 - Cumulative Security Update for Internet Explorer (963027). This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. MS09-014 addresses the following CVEs: 1) CVE-2008-2540 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2540) A blended threat remote code execution vulnerability exists in the way that Internet Explorer locates and opens files on the system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 2) CVE-2009-0550 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0550) A remote code execution vulnerability exists in the way that WinINet handles NTLM credentials when a user connects to an attacker's server by way of the HTTP protocol. This vulnerability allows an attacker to replay the user's credentials back to the attacker and to execute code in the context of the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 3) CVE-2009-0551 (http:// http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=871138&poid= Fri, 17 Apr 2009 20:58:43 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=871533&poid= On Tuesday, April 14th, Microsoft released MS09-013 - Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803). This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS09-013 addresses the following CVEs: 1) CVE-2009-0086 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0086) A remote code execution vulnerability exists in the way that Windows HTTP Services handle specific values that are returned by a remote Web server. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with the same user rights as the service or application which calls the WinHTTP API to connect to the attacker's Web server. 2) CVE-2009-0089 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0089) A spoofing vulnerability exists in Windows HTTP Services as a result of the incomplete validation of the distinguished name in a digital certificate. When combined with specific other attacks, such as DNS spoofing, this may allow an attacker to successfully spoof the digital certificate of a Web site for any application that uses Windows HTTP Services. 3) CVE-2009-0550 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0550) A remote code execution vulnerability exists in the way that Windows HTTP Services handles NTLM credentials when a user connects to an attacker's Web server. This vulnerability allows an attacker to replay the user's credentials back to the attacker and execute code in the context of the l http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=871533&poid= Fri, 17 Apr 2009 20:50:32 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=871476&poid= On Tuesday, April 14th, Microsoft released security update MS09-011 - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373). This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS09-011 addresses the following CVEs: 1) CVE-2009-0084 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0084) A remote code execution vulnerability exists in the way Microsoft DirectShow handles supported format files. This vulnerability could allow code execution if a user opened a specially crafted MJPEG file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Please refer to the Microsoft link in the Source section for additional information about workarounds and mitigating factors for the vulnerabilities addressed by this update. Microsoft Ratings for MS09-011: Maximum Severity Rating - Critical Impact of Vulnerability - Remote Code Execution Exploitability Index - 2 - Inconsistent exploit code likely Bulletins Replaced by this Update - MS08-033. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/co http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=871476&poid= Fri, 17 Apr 2009 20:35:05 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=867140&poid= Sun Microsystems has recently released Sun Alert 249926 - A Security Vulnerability in Kerberos Incremental Propagation May Lead to a Denial of Service (DoS) Against Slave KDC Systems. A security vulnerability in Solaris Kerberos (see kerberos(5)) may allow an unauthenticated remote user on a system which can access a master Key Distribution Center (KDC) server to prevent propagation of incremental propagation requests to slave KDC servers. This is a type of Denial of Service (DoS). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert 249926 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249926-1 This bulletin addresses the following CVE: CVE-2009-0923 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0923) Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=867140&poid= Wed, 15 Apr 2009 20:40:07 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=865005&poid= The Nortel Application Gateway provides an administration interface "Nortel Administration Tool powered by Citrix". Under certain conditions this interface responds with sensitive information to unauthorized users. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=865005&poid= Tue, 14 Apr 2009 18:59:33 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=844248&poid= A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Adobe has released the Adobe Reader 9.1 and Acrobat 9.1 product updates to resolve this security issue. This fix is announced in APSB09-03. Adobe is planning to make available updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18. This bulletin addresses the following common vulnerability identifier: CVE-2009-0658 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658) Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=844248&poid= Tue, 17 Mar 2009 16:21:03 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=844639&poid= Sun Microsystems has recently released Sun Alert 251406 - Security Vulnerabilities in the libxml2 Library Routines. There are two security vulnerabilities in the libxml2 library (see libxml2(3)) bundled with Solaris 9 and Solaris 10 which may impact applications making use of this library. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert 251406 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-251406-1 This advisory addresses the following CVEs: 1. CVE-2008-4225 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225) Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. 2. CVE-2008-4226 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226) Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=844639&poid= Mon, 16 Mar 2009 19:31:24 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=844599&poid= Multiple VNC clients are prone to integer-overflow vulnerabilities because they fail to properly validate data supplied by the VNC server. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. Some Nortel products contain this software as a component and thus are potentially affected. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. The following are vulnerable to these issues; other VNC applications may also be affected: UltraVNC prior to 1.0.5.4 TightVNC prior to 1.3.10 This bulletin addresses the following CVE: - CVE-2009-0388 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0388) Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=844599&poid= Mon, 16 Mar 2009 19:19:01 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid= On Tuesday, March 10th, Microsoft released MS09-006 - Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690). This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS09-006 addresses the following CVEs: 1) Windows Kernel Input Validation Vulnerability - CVE-2009-0081 - (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0081) A remote code execution vulnerability exists in the Windows kernel due to improper validation of input passed from user mode through the kernel component of GDI. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 2) Windows Kernel Handle Validation Vulnerability - CVE-2009-0082 - (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0082) An elevation of privilege vulnerability exists in the Windows kernel due to the manner in which the kernel validates handles. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 3) Windows Kernel Invalid Pointer Vulnerability - CVE-2009-0083 - (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0083) An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of a specially crafted invalid pointer. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user ri http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=842987&poid= Fri, 13 Mar 2009 23:22:35 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=838290&poid= Sun Microsystems has recently released Sun Alert 249087 - Solaris Samba smbd Information Disclosure Vulnerability. An information disclosure security vulnerability in Samba (SAMBA(7)) may allow a remote unprivileged user to read arbitrary memory buffer contents and cause a Denial of Service (DoS) via crafted requests. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249087-1 This advisory addresses the following common vulnerability identifier: CVE-2008-4314 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314) smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. CVSS Severity: 8.5 (HIGH) Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=838290&poid= Wed, 04 Mar 2009 14:54:08 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=837653&poid= A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to conduct spoofing attacks. Some Nortel products contain this software as a component and thus are potentially affected. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. The vulnerability is caused due to certain OpenSSL functions not correctly verifying the return value of the "EVP_VerifyFinal()" function when validating the signature of DSA and ECDSA keys. This can be exploited to bypass the signature check, such as by sending a specially crafted signature of a certificate chain to a client. Successful exploitation requires that the server uses a certificate containing a DSA or ECDSA key. Please refer to the vendor link for additional information - http://www.openssl.org/news/secadv_20090107.txt This bulletin addresses the following CVE: - CVE-2008-5077 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077) OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=837653&poid= Thu, 26 Feb 2009 15:59:51 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=835004&poid= On Tuesday, Feb 10th, Microsoft released MS09-002 - Cumulative Security Update for Internet Explorer (961260). This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the error resulting in the exploitable condition. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS09-002 addresses the following CVEs: 1. Uninitialized Memory Corruption Vulnerability - CVE-2009-0075 A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. 2. CSS Memory Corruption Vulnerability - CVE-2009-0076 A remote code execution vulnerability exists in the way Internet Explorer handles Cascading Style Sheets (CSS). An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. Please refer to the Microsoft link in the Source section for additional information about workarounds and mitigating factors for the vulnerabilities addressed by this update. Microsoft Ratings: Maximum Severity Rating - Critical Impact of Vulnerability - Remote Code Execution Exploitability Index - 1 - Consistent Exploit Code Likely Before taking any action please ensure that you are viewing the latest official version of this security advisory by http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=835004&poid= Fri, 13 Feb 2009 16:12:09 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=833999&poid= Sun Microsystems has recently released Sun Alert 249086 - Security Vulnerability in samba(7) Specially Crafted Packet May Allow Execution of Arbitrary Code With Root Privileges. According to Sun, a heap-based buffer overflow in the Samba client (SMBCLIENT(1)) may allow a remote unprivileged user to execute arbitrary code using a crafted SMB response. Since the Samba daemon (smbd(1M)) can also act as the client during operations such as printer notification and domain authentication, this issue affects both the Samba client and server. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert 249086 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249086-1 This bulletin addresses the following CVE: 1. CVE-2008-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105 Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=833999&poid= Mon, 09 Feb 2009 15:25:29 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834296&poid= Sun Microsystems has recently released Sun Alert 247346 - A Security Vulnerability in the libxml2 Library May Lead to Denial of Service (DoS). According to Sun, a security vulnerability in the libxml2 library (see libxml2(3)) bundled with Solaris 9 and Solaris 10 may allow a local or remote unprivileged user who provides a specially crafted XML file to cause a denial of service (DoS) to the application which is using the libxml2 library (or potentially to the system as a whole as the application may consume excessive resources). This vulnerability may impact applications making use of this library, and the precise impact will vary depending on the application. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert 247346 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247346-1 This bulletin addresses the following CVE: 1. CVE-2008-3529 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529) Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long XML entity name. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834296&poid= Mon, 09 Feb 2009 15:25:15 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834276&poid= Sun Microsystems has recently released Sun Alert 248526 - A Security Vulnerability in the vncviewer(1) RFB Protocol Validation May Allow Execution of Arbitrary Code and Lead to a Denial of Service (DoS). According to Sun, the VNC viewer for X (vncviewer(1)) contains a security vulnerability within the validation function for the server-supplied RFB protocol data that may allow a remote unprivileged user to execute arbitrary code with the privileges of the local user and crash the viewer. The ability to crash the VNC viewer is a type of Denial of Service (DoS). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert 248526 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248526-1 This bulletin addresses the following CVE: 1. CVE-2008-4770 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4770) The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type." Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834276&poid= Mon, 09 Feb 2009 15:24:56 GMT http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid= Sun Microsystems has recently released Sun Alert 248586 - Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris. According to Sun, the alert addresses multiple security vulnerabilities in the Flash Player plugin distributed with Solaris which may allow a remote unprivileged user the ability to execute arbitrary code with the privileges of a local user on the system while loading a malicious SWF file with the affected plugin. In addition, the Flash Player plugin may allow a remote user to bypass the Security Sandbox Model, modify the clipboard with a URL, allow cross-site scripting attacks, inject arbitrary web script or HTML, obtain sensitive data, conduct DNS rebinding and hijack the camera or microphone while loading a malicious SWF file with the affected plugin. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert 248586 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248586-1 This bulletin addresses the following CVEs: * CVE-2008-4818 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4818 * CVE-2008-4819 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4819 * CVE-2008-4820 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4820 * CVE-2008-4821 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4821 * CVE-2008-4822 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822 * CVE-2008-4823 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4823 * CVE-2008-4824 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4824 * CVE-2007-6243 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243 * CVE-2008-3873 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3873 * CVE-2007-4324 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324 * CVE-200 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid= Mon, 09 Feb 2009 15:24:41 GMT