Nortel Response to OpenSSL DTLS Heap Buffer Overflow Vulnerability
Description:

OpenSSL is prone to a heap buffer-overflow vulnerability because the library fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users. The vendor has released OpenSSL 0.9.8f to address this issue.

Some Nortel products contain this software as a component and are therefore potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected.

This bulletin addresses the following potential vulnerability:

1. CVE-2007-4995 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995): Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

Before taking any action, please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories
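The affected range stated above ("OpenSSL 0.9.8 before 0.9.8f") is easy to misjudge by hand because OpenSSL 0.9.8 releases are distinguished by a letter suffix rather than a fourth number. The following Python script is an added example, not Nortel's or the OpenSSL project's code: it parses the banner printed by `openssl version`, encodes only the range the advisory names, and triages a set of constructed sample banners. The function names and the sample version strings are assumptions made for this illustration.

```python
"""Version-range triage for CVE-2007-4995 as described in the advisory.

Added example; not Nortel's or the OpenSSL project's code. It encodes only
what the advisory states: OpenSSL 0.9.8 releases before 0.9.8f are affected
and 0.9.8f carries the fix. Function names and the sample "openssl version"
banners below are constructed for this illustration.
"""
import re
import subprocess

# Matches the version token in "openssl version" output, e.g.
# "OpenSSL 0.9.8e 23 Feb 2007" -> (0, 9, 8, "e"). The letter suffix is
# optional: the first 0.9.8 release has none.
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

AFFECTED_BRANCH = (0, 9, 8)   # branch named in the advisory
FIXED_LETTER = "f"            # 0.9.8f is the first release with the fix


def parse_version(text):
    """Return (major, minor, patch, letters) from a banner line, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def is_affected_by_cve_2007_4995(text):
    """True if the banner falls in "0.9.8 before 0.9.8f".

    Letter suffixes are compared as strings, which reproduces OpenSSL's
    release ordering: "" (plain 0.9.8) < "a" < ... < "e" < "f" < ... < "zh".
    """
    v = parse_version(text)
    if v is None:
        raise ValueError("unrecognised OpenSSL version string: %r" % text)
    major, minor, patch, letters = v
    if (major, minor, patch) != AFFECTED_BRANCH:
        return False          # other branches are outside the stated range
    return letters < FIXED_LETTER


def triage(version_lines):
    """Map each banner to True (affected), False, or None (unparsable)."""
    result = {}
    for line in version_lines:
        try:
            result[line] = is_affected_by_cve_2007_4995(line)
        except ValueError:
            result[line] = None
    return result


def installed_openssl_version():
    """Run "openssl version" on this host; None if no binary is present."""
    try:
        out = subprocess.run(["openssl", "version"], capture_output=True,
                             text=True, check=False)
    except FileNotFoundError:
        return None
    return out.stdout.strip() or None


# Constructed sample banners, not captured from real hosts.
SAMPLE_VERSION_LINES = [
    "OpenSSL 0.9.8 05 Jul 2005",
    "OpenSSL 0.9.8e 23 Feb 2007",
    "OpenSSL 0.9.8f 11 Oct 2007",
    "OpenSSL 0.9.8zh 03 Dec 2015",
    "OpenSSL 0.9.7m 23 Feb 2007",
    "OpenSSL 1.0.2k-fips 26 Jan 2017",
    "not an openssl banner",
]

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "not affected", None: "unparsable"}
    for line, verdict in triage(SAMPLE_VERSION_LINES).items():
        print("%-36s %s" % (line, labels[verdict]))
    local = installed_openssl_version()
    if local:
        print("this host: %s -> %s" % (local, labels[triage([local])[local]]))
```

Treat a version-string match as first-pass triage only. Operating-system distributions commonly backport security fixes without changing the reported version, so a banner inside the range does not prove the host is vulnerable, and embedded products such as the Nortel products covered by this bulletin may not expose the library version at all; for those, the bulletin's per-product statement is the authoritative source.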
| Field | Value |
|---|---|
| Type | Security Advisories |
| Number | 2008008923, Rev 1 |
| Status | Retired |
| Date | 2008-12-01 |