Nortel: Technical Support: Nortel response to Sun Solaris security vulnerability in unzip(1L)

You are currently browsing our site with javascriptdisabled. Some features may be unavailable. Learn more about viewing our site.

Welcome, Guest

Help Using This Site

Nortel response to Sun Solaris security vulnerability in unzip(1L)

Description:	Reference: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103150-1 Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories Sun Microsystems has recently issued document 200844 (formerly Sun Alert 103150) - Security Vulnerability in unzip(1L) May Set Unintended Permissions on Extracted Files. Sun has also provided fixes for the issue. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. This bulletin addresses the following potential vulnerability: A security vulnerability in the unzip(1L) command may set unintended permissions on extracted files. This may allow a local unprivileged user to execute arbitrary code with the privileges of another user who runs the unzip command to extract files from a specially crafted unzip archive.
Type:	Security Advisories
Number:	2008008599, Rev 1
Status:	Retired
Date:	2008-06-03

Show Associated Products

Bulletin Downloads

		Title	Extension	File Size	Language
		Nortel response to Sun Solaris security vulnerability in unzip(1L) Checksum: d8c5bd13402bdf5c3b8646fba0e73484 [MD5]	[pdf]	22789 bytes	English

Associated Products

Application Server 5200

Bulletin temp product

CDMA Network Manager

CDMA SuperNode Data Manager

Circuit Switching

Communication Server 2000

Communication Server 2000 Core Manager

Communication Server 2000 Session Server Trunks

Communication Server 2000-Compact

Communication Server 2100

DMS-100/200 Local Switching Systems

DMS-Global Services Platform

DMS-STP/SSP IntegratedNode (INode)

Enterprise Network Management System

Enterprise Policy Manager

Extended Peripheral Module (XPM)

GSM-UMTS Home Location Register

GSM-UMTS Mobile Switching Center Server

GSM-UMTS SuperNode Data Manager

Integrated Access - Cable

Integrated Element Management System (IEMS)

IP Address Domain Manager

Media Gateway 9000

Media Processing Server (MPS) 100

Media Processing Server (MPS) 1000

Media Processing Server (MPS) 500

Meridian SL-100

Multimedia Communication Server 5100

Multiservice Data Manager (MDM)

Optical Manager

Optical Manager Element Adapter

Optical Multiservice Edge 6500

Optical Network Manager

Optivity Policy Services for Business Policy Switch

Optivity Telephony Manager for SL-100

Packet Transit - AAL2

Packet Transit - IP

Packet Trunking - AAL1

Periphonics Common Channel Signaling Server (CCSS)

Periphonics Computer Telephony Extension (CTX)

Periphonics PeriToolsWorkstation

Periphonics Speech Platform

Policy Services application

Preside Management for Metro Optical Networks

Self-Service Portfolio

Spectrum Peripheral Module (SPM)

Speech and Self-Service

Succession Multimedia Communications

SuperNode Data Manager

Universal Access - AAL1

Universal Access - IP

VoIP Infrastructure Solutions

Wireless Network Management System (W-NMS)