Nortel: Technical Support: Wireless Networks: UMTS Networks

You are currently browsing our site with javascriptdisabled. Some features may be unavailable. Learn more about viewing our site.

Welcome, Guest

Product Overview

Help Using This Site

Nortel response to OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability - CVE-2006-3738

Description:	Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories =========== == Source == =========== On September 28, 2006 - DeepSight Alert Service identified an OpenSSL vulnerability as Bugtraq Id 20249. This vulnerability is also identified as CVE-2006-3738. Link to OpenSSL Advisory: http://www.openssl.org/news/secadv_20060928.txt (refer to CVE-2006-3738). ============= == Overview == ============= OpenSSL is prone to a buffer-overflow vulnerability; fixes are available. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that utilize the affected library. Failed exploit attempts may result in crashing applications, denying service to legitimate users. Some Nortel products are potentially affected by this issue. Please see the Analysis section of this bulletin for a breakdown per product.
Type:	Security Advisories
Number:	2006007439, Rev 1
Status:	Retired
Date:	2007-10-31

Show Associated Products

Bulletin Downloads

		Title	Extension	File Size	Language
		Nortel response to OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability - CVE-2006-3738 Checksum: 960b2230367b87a90a06ab052a6eed4b [MD5]	[pdf]	25492 bytes	English

Associated Products

Access Stack Node (ASN)

Advanced Remote Node (ARN)

Alteon Switched Firewall 5400, 5600, and 5700

Application Server 5200

Backbone Concentrator Node (BCN)

Backbone Link Node (BLN)

Bulletin temp product

CDMA Network Manager

CDMA Packet Data Serving Node (PDSN)

Communication Server 1000M Cabinet/Chassis

Communication Server 1000S

Communication Server 2100

Contivity 2600 Secure IP Services Gateway

Contivity 4500 Secure IP Services Gateway

Contivity 4600 Secure IP Services Gateway

Extended Peripheral Module (XPM)

Integrated Access - Cable

IP Address Domain Manager

Media Gateway 9000

Media Processing Server (MPS) 500

Meridian 1 Option 11C

Meridian 1 Option 11C Mini

Meridian 1 Option 51C, Option 61C, Option 81C

Mobile Location Center (MLC)

Multimedia Communication Server 5100

Multiprotocol Router 2430

Multiprotocol Router 5430

Multiservice Data Manager (MDM)

Packet Transit - IP

Periphonics Speech Platform

Self-Service Portfolio

Services Edge Router 5500

Speech and Self-Service

Switched Firewall 5100 Series

Switched Firewall 6000 Series

Threat Protection System 2050 Intrusion Sensor

Threat Protection System 2050 Threat Intelligence Sensor

Threat Protection System 2070 Defense Center

Threat Protection System 2070 Intrusion Sensor

Threat Protection System 2070 Threat Intelligence Sensor

Threat Protection System 2150 Intrusion Sensor

Threat Protection System 2170 Intrusion Sensor

Threat Protection System SEU/Rule Pack Updates

Universal Access - AAL1

Universal Access - IP

Universal Signaling Point

Universal Signaling Point Compact (USPc)

VoIP Infrastructure Solutions

VPN Router 200 Series

VPN Router 1010

VPN Router 1050

VPN Router 1100

VPN Router 1700

VPN Router 1740

VPN Router 1750

VPN Router 2700

VPN Router 5000

VPN Router Portfolio

Wireless Gateway 7250

Wireless Network Management System (W-NMS)