
Nortel Response to Sun Alerts 245806 & 259468 - Solaris 8 & 9 - Vulnerabilities associated with sadmind(1M) Daemon

Description:

Sun Microsystems has recently released the following alerts -

1) Sun Alert 245806 - Buffer Overflow in Solaris sadmind(1M) Daemon
A buffer overflow security vulnerability in the Solaris sadmind(1M) daemon may allow a local or remote unprivileged user to execute arbitrary code with root privileges. This issue affects the Solaris 8 and Solaris 9 OS's.

2) Sun Alert 259468 - Multiple Vulnerabilities in the Solaris 8 and 9 sadmind(1M) Daemon
On Solaris 8 and 9 heap and integer overflow vulnerabilities in the Solaris sadmind(1M) daemon may allow a local or remote unprivileged user to execute arbitrary code with root privileges.

Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected.

The Sun Alerts are available at -
Sun Alert 245806: http://sunsolve.sun.com/search/document.do?assetkey=1-66-245806-1
Sun Alert 259468: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259468-1

This bulletin addresses the following 3 CVEs:

1) CVE-2008-4556 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4556)
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.

2) CVE-2008-3869 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3869)
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.

3) CVE-2008-3870 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3870)
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.

Before taking any action please ensure

Type: Security Advisories
Number: 2009009568, Rev 1
Status: Retired
Date: 2009-12-10


Bulletin Downloads
Title: Nortel Response to Sun Alerts 245806 & 259468 - Solaris 8 & 9 - Vulnerabilities associated with sadmind(1M) Daemon
Extension: pdf
File Size: 23233 bytes
Language: English
Checksum: 433fa8c1879c2b83b31efe8834aa0275 [MD5]

Associated Products
Bulletin temp product
CDMA Network Manager
CDMA Networks
Enterprise Network Management System
Media Gateway 9000
Media Processing Server (MPS) 100
Media Processing Server (MPS) 1000
Media Processing Server (MPS) 500
Multimedia Communication Server 5100
Optical Manager
Optical Manager Element Adapter
Optical Network Manager
Periphonics Common Channel Signaling Server (CCSS)
Periphonics Computer Telephony Extension (CTX)
Periphonics PeriToolsWorkstation
Periphonics Speech Platform
Preside Management for Metro Optical Networks
Self-Service Portfolio
Speech and Self-Service
Succession Multimedia Communications
Universal Access - AAL1
Universal Access - IP
VoIP Infrastructure Solutions