MidnightBSD

Advisories for nortel

CVE-2000-0009 HIGH

The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel optivity_net_architect 2.0
CVE-2000-0063 MEDIUM

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel contivity 1.0
CVE-2000-0064 MEDIUM

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel contivity 1.0
CVE-2000-0221 MEDIUM

The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel nautica_marlin *
CVE-2002-0209 MEDIUM

Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel alteon_acedirector 9.0
CVE-2002-0540 HIGH

Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel cvx_1800_multi-service_access_switch 3.6.3
CVE-2003-1115 HIGH

The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel succession_communication_server_2000 *
CVE-2004-0056 HIGH

Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel 802.11_wireless_ip_gateway *
nortel succession_communication_server_1000 *
nortel business_communications_manager *
CVE-2004-0839 MEDIUM

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya definity_one_media_server *
avaya modular_messaging_message_storage_server 2.0
microsoft windows_2003_server web
microsoft windows_98 *
avaya s3400 *
nortel symposium_web_centre_portal *
microsoft windows_2000 *
microsoft internet_explorer 5.0.1
avaya s8100 *
microsoft ie 6.0
avaya modular_messaging_message_storage_server 1.1
nortel optivity_telephony_manager *
microsoft windows_2003_server standard
microsoft windows_me *
avaya ip600_media_servers *
nortel ip_softphone_2050 *
microsoft windows_2003_server enterprise_64-bit
microsoft windows_xp *
nortel symposium_web_client *
microsoft windows_2003_server r2
microsoft windows_2003_server enterprise
nortel mobile_voice_client_2050 *
microsoft internet_explorer 5.5
microsoft windows_98se *
microsoft internet_explorer 6.0
CVE-2004-1105 MEDIUM

Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel contivity 4.91
CVE-2004-1305 MEDIUM

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft windows_2003_server web
nortel media_processing_server *
microsoft windows_2003_server standard
nortel symposium_network_control_center *
microsoft windows_me *
nortel ip_softphone_2050 *
microsoft windows_2003_server enterprise_64-bit
nortel symposium_tapi_service_provider *
microsoft windows_98 *
nortel symposium_web_centre_portal *
nortel media_communication_server_5100 3.0
microsoft windows_2000 *
microsoft windows_xp *
nortel symposium_web_client *
microsoft windows_2003_server r2
nortel symposium_agent *
microsoft windows_2003_server enterprise
microsoft windows_98se *
nortel symposium_call_center_server *
microsoft windows_nt 4.0
nortel media_communication_server_5200 3.0
nortel symposium_express_call_center *
nortel periphonics *
CVE-2004-1319 MEDIUM

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft windows_2003_server web
nortel optivity_telephony_manager *
microsoft windows_2003_server standard
microsoft windows_me *
nortel ip_softphone_2050 *
microsoft windows_2003_server enterprise_64-bit
microsoft windows_98 *
microsoft windows_2000 *
microsoft windows_xp *
microsoft windows_2003_server r2
microsoft windows_2003_server enterprise
nortel mobile_voice_client_2050 *
microsoft windows_98se *
CVE-2004-2549 MEDIUM

Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel wlan_access_point_2225 *
nortel wlan_access_point_2220 *
nortel wlan_access_point_2221 *
CVE-2004-2621 MEDIUM

Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel contivity 2.1.7
nortel contivity 5.01
nortel contivity 4.91
nortel contivity 3.01
nortel contivity 3.00
CVE-2005-0356 MEDIUM

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cisco sn_5420_storage_router_firmware 1.1(3)
f5 tmos 4.5.12
cisco sn_5420_storage_router_firmware 1.1(2)
yamaha rt250i *
freebsd freebsd 2.2.5
cisco content_services_switch_11050 *
cisco unity_server 3.3
cisco content_services_switch_11800 *
nortel callpilot 201i
microsoft windows_2003_server standard_64-bit
cisco ciscoworks_cd1 4th
nortel survivable_remote_gateway 1.0
yamaha rt57i *
cisco webns 7.30_(00.08)s
freebsd freebsd 4.2
freebsd freebsd 4.5
cisco sn_5420_storage_router_firmware 1.1(7)
freebsd freebsd 3.2
freebsd freebsd 4.7
cisco sn_5420_storage_router_firmware 1.1(5)
freebsd freebsd 1.1.5.1
microsoft windows_2003_server standard
cisco secure_access_control_server 2.6
freebsd freebsd 3.5.1
cisco content_services_switch_11000 *
cisco secure_access_control_server 3.0.3
f5 tmos 4.4
freebsd freebsd 4.3
cisco secure_access_control_server 3.3.2
f5 tmos 4.2
nortel business_communications_manager 200
cisco personal_assistant 1.4(1)
cisco secure_access_control_server 3.2(1.20)
nortel callpilot 702t
cisco secure_access_control_server 3.1
freebsd freebsd 2.1.6.1
cisco secure_access_control_server 3.3.1
f5 tmos 4.5.10
cisco secure_access_control_server 2.3.6.1
cisco ciscoworks_lms 1.3
freebsd freebsd 2.2.8
cisco sn_5428_storage_router 3.3.1-k9
cisco unity_server 3.0
yamaha rt105 *
freebsd freebsd 3.3
yamaha rtv700 *
yamaha rtx1100 *
cisco content_services_switch_11500 *
cisco webns 7.10_(05.07)s
nortel 7250_wlan_access_point *
cisco call_manager 3.3(3)
f5 tmos 9.0.3
f5 tmos 9.0.4
hitachi gr3000 *
cisco emergency_responder 1.1
cisco call_manager 1.0
cisco sn_5420_storage_router_firmware 1.1(4)
cisco unity_server 2.2
cisco ciscoworks_cd1 5th
hitachi alaxala ax
freebsd freebsd 2.1.5
openbsd openbsd 3.1
cisco content_services_switch_11501 *
nortel universal_signaling_point 5200
f5 tmos 4.0
cisco call_manager 3.1
cisco secure_access_control_server 2.6.3
freebsd freebsd 3.4
openbsd openbsd 3.2
f5 tmos 4.5
cisco aironet_ap1200 *
nortel optical_metro_5100 *
freebsd freebsd 2.2.6
cisco content_services_switch_11150 *
cisco ciscoworks_common_management_foundation 2.1
cisco intelligent_contact_manager 5.0
f5 tmos 4.6.2
f5 tmos 9.0.2
microsoft windows_2003_server enterprise_64-bit
freebsd freebsd 2.2.3
microsoft windows_xp *
cisco secure_access_control_server 3.3
cisco secure_access_control_server 3.2(3)
cisco webns 7.20_(03.09)s
cisco ciscoworks_access_control_list_manager 1.6
cisco secure_access_control_server 3.1.1
cisco call_manager 3.1(2)
freebsd freebsd 4.6
f5 tmos 4.6
cisco remote_monitoring_suite_option *
f5 tmos 4.5.6
cisco secure_access_control_server 3.2.1
cisco sn_5428_storage_router 2.5.1-k9
cisco ciscoworks_cd1 3rd
cisco call_manager 2.0
nortel succession_communication_server_1000 *
cisco unity_server 2.3
cisco secure_access_control_server 3.2(2)
cisco sn_5428_storage_router 2-3.3.2-k9
cisco personal_assistant 1.3(4)
nortel business_communications_manager 1000
freebsd freebsd 3.1
cisco secure_access_control_server 3.2.2
freebsd freebsd 2.2.2
cisco secure_access_control_server 2.4
cisco meetingplace *
freebsd freebsd 4.11
cisco e-mail_manager *
cisco interactive_voice_response *
cisco ciscoworks_cd1 1st
freebsd freebsd 2.2
cisco webns 7.30_(00.09)s
cisco ciscoworks_vpn_security_management_solution *
cisco secure_access_control_server 3.0
cisco support_tools *
microsoft windows_2003_server web
cisco unity_server 2.46
cisco unity_server 3.1
cisco personal_assistant 1.4(2)
freebsd freebsd 5.1
cisco content_services_switch_11503 *
nortel optical_metro_5200 *
freebsd freebsd 2.1.7.1
cisco ciscoworks_cd1 2nd
microsoft windows_2000 *
hitachi gs4000 *
cisco sn_5420_storage_router_firmware 1.1.3
freebsd freebsd 4.4
cisco secure_access_control_server 2.6.4
cisco mgx_8250 1.2.11
alaxala alaxala_networks ax7800r
f5 tmos 4.3
cisco call_manager 3.0
cisco unity_server 2.0
freebsd freebsd 4.9
cisco personal_assistant 1.3(1)
cisco ciscoworks_access_control_list_manager 1.5
microsoft windows_2003_server enterprise
cisco mgx_8230 1.2.11
f5 tmos 4.5.11
cisco ip_contact_center_enterprise *
freebsd freebsd 2.0
freebsd freebsd 3.5
cisco secure_access_control_server 2.0
yamaha rtx2000 *
nortel callpilot 200i
freebsd freebsd 4.1.1
freebsd freebsd 2.1.0
freebsd freebsd 4.1
cisco conference_connection 1.1(1)
cisco unity_server 3.2
cisco secure_access_control_server 3.2
cisco personal_assistant 1.3(2)
freebsd freebsd 4.6.2
nortel ethernet_routing_switch_1648 *
nortel optical_metro_5000 *
cisco ciscoworks_windows *
yamaha rt300i *
freebsd freebsd 5.3
cisco secure_access_control_server 2.3.5.1
yamaha rtx1000 *
nortel 7220_wlan_access_point *
cisco secure_access_control_server 3.0.1
openbsd openbsd 3.4
cisco ciscoworks_common_management_foundation 2.2
nortel universal_signaling_point compact_lite
alaxala alaxala_networks ax7800s
cisco secure_access_control_server 2.6.2
nortel contact_center *
yamaha rtx1500 *
openbsd openbsd 3.0
microsoft windows_2003_server r2
cisco sn_5428_storage_router 3.2.1-k9
cisco ip_contact_center_express *
nortel ethernet_routing_switch_1624 *
cisco secure_access_control_server 2.42
cisco unity_server 2.1
f5 tmos 9.0.1
cisco ciscoworks_1105_hosting_solution_engine *
cisco sn_5428_storage_router 3.3.2-k9
openbsd openbsd 3.6
nortel ethernet_routing_switch_1612 *
freebsd freebsd 3.0
nortel business_communications_manager 400
cisco call_manager 3.2
cisco mgx_8230 1.2.10
cisco secure_access_control_server 2.3
nortel callpilot 703t
cisco ciscoworks_common_management_foundation 2.0
cisco secure_access_control_server 3.3(1)
freebsd freebsd 5.4
cisco secure_access_control_server 2.1
f5 tmos 9.0.5
freebsd freebsd 5.2.1
freebsd freebsd 2.1.6
cisco call_manager 3.3
f5 tmos 4.5.9
cisco conference_connection 1.2
freebsd freebsd 4.10
cisco webns 7.20_(03.10)s
cisco call_manager 4.0
freebsd freebsd 4.8
cisco call_manager 3.1(3a)
cisco sn_5428_storage_router 2-3.3.1-k9
cisco sn_5428_storage_router 3.2.2-k9
cisco ciscoworks_windows_wug *
cisco unity_server 2.4
cisco sn_5420_storage_router *
cisco aironet_ap350 *
cisco agent_desktop *
freebsd freebsd 2.0.5
freebsd freebsd 2.2.4
cisco content_services_switch_11506 *
hitachi gr4000 *
cisco secure_access_control_server 2.5
cisco personal_assistant 1.3(3)
cisco ciscoworks_common_services 2.2
openbsd openbsd 3.3
cisco ciscoworks_1105_wireless_lan_solution_engine *
freebsd freebsd 5.0
cisco mgx_8250 1.2.10
alaxala alaxala_networks ax5400s
openbsd openbsd 3.5
freebsd freebsd 5.2
cisco secure_access_control_server 3.2(1)
cisco web_collaboration_option *
freebsd freebsd 4.0
f5 tmos 9.0
cisco unity_server 4.0
CVE-2005-0844 MEDIUM

Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
nortel contivity 5.01
CVE-2005-1802 MEDIUM

Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel vpn_router_1740 *
nortel contivity 1600_secure_ip_services_gateway
nortel vpn_router_1700 *
nortel contivity 2500_vpn_switch
nortel contivity 1500_vpn_switch
nortel contivity 4500_secure_ip_services_gateway
nortel vpn_router_1010 *
nortel vpn_router_2700 *
nortel vpn_router_600 *
nortel vpn_router_5000 *
nortel contivity 2000_vpn_switch
nortel vpn_router_1100 *
nortel contivity 1000_vpn_switch
nortel contivity 4600_secure_ip_services_gateway
nortel vpn_router_1050 *
nortel contivity 2600_secure_ip_services_gateway
nortel contivity 4000_vpn_switch
CVE-2005-2579 HIGH

Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel contivity v05_01.030
CVE-2005-4197 HIGH

tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel ssl_vpn *
nortel ssl_vpn 4.1.2.12
nortel ssl_vpn 4.1.2.11
CVE-2007-3361 HIGH

The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to cause a denial of service (device crash) via a SIP message with a malformed header.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel pc_client_soft_phone_sip 4.1
CVE-2007-3438 HIGH

Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nortel sip_softphone 4.13.5.208