Nortel Response to Sun Alert 200412 - Solaris Vulnerability May Lead to DoS of rpcbind(1M) Service
| Description: |
Sun Microsystems has recently released Sun Alert 200412 - A Security Vulnerability in Solaris libnsl(3LIB) may lead to a Denial of Service (DoS) to the rpcbind(1M) Service. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Sun Alert 200412 is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200412-1 This bulletin addresses the following CVEs: 1. CVE-2007-0165 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0165) Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. 2. CVE-2008-4619 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4619) The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories |
| Type: |
Security Advisories |
| Number: |
2008009217, Rev 1 |
| Status: |
Retired |
| Date: |
2009-06-24 |
