Nortel: Technical Support: Nortel Response to Sun Java JDK / JRE Multiple Vulnerabilities

You are currently browsing our site with javascriptdisabled. Some features may be unavailable. Learn more about viewing our site.

Welcome, Guest

Help Using This Site

Nortel Response to Sun Java JDK / JRE Multiple Vulnerabilities

Description:	Sun Microsystems has recently issued multiple alerts dealing with potential security vulnerabilities in Java, JRE and JDK. These potential vulnerabilities can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. Some Nortel products contain this software as a component and therefore are potentially affected by these issues. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. Please refer to the Resolution section of this bulletin for per-product recommendations on what actions to take in response to these issues. Following is a summary of the alerts and their associated CVEs: 1) Sun Alert ID: 238628 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1 Title: Security Vulnerabilities in the Java Runtime Environment related to the processing of XML Data - CVE-2008-3105 Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application. - CVE-2008-3106 Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. 2) Sun Alert ID: 238666 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1 Title: A Security Vulnerability with the processing of fonts in the Java Runtime Environment may allow Elevation of Privileges - CVE-2008-3108 Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_
Type:	Security Advisories
Number:	2008008988, Rev 1
Status:	Retired
Date:	2008-08-14

Show Associated Products

Bulletin Downloads

		Title	Extension	File Size	Language
		Nortel Response to Sun Java JDK / JRE Multiple Vulnerabilities Checksum: aec11885a416e0b406c63ec6a6037fcd [MD5]	[pdf]	29484 bytes	English

Associated Products

Application Server 5200

Bulletin temp product

Business Communications Manager 200

Business Communications Manager 400

Business Communications Manager 50

CDMA Network Manager

CDMA SuperNode Data Manager

Circuit Switching

Communication Control Toolkit

Communication Server 1000 Telephony Manager

Communication Server 2000

Communication Server 2000 Core Manager

Communication Server 2000 Session Server Trunks

Communication Server 2000-Compact

Communication Server 2100

Contact Center - Multimedia

Contact Center Portfolio

DMS-100/200 Local Switching Systems

DMS-Global Services Platform

DMS-STP/SSP IntegratedNode (INode)

Enterprise Network Management System

Extended Peripheral Module (XPM)

GSM-UMTS Home Location Register

GSM-UMTS Mobile Switching Center Server

GSM-UMTS SuperNode Data Manager

Integrated Access - Cable

Integrated Element Management System (IEMS)

Media Gateway 9000

Media Processing Server (MPS) 1000

Media Processing Server (MPS) 500

Meridian SL-100

Multi-Wavelength Optical Repeater (MOR/MOR Plus)

Multimedia Communication Server 5100

Multiservice Data Manager (MDM)

OPTera Long Haul 4000 Optical Line System

OPTera Long Haul Optical Amplifier Shelf

Optical Network Manager

Optical Network Manager Trail Manager

Optivity Telephony Manager for SL-100

Packet Transit - AAL2

Packet Transit - IP

Packet Trunking - AAL1

Periphonics Speech Platform

Preside Management for Metro Optical Networks

Self-Service Portfolio

Services Edge Router 5500

Spectrum Peripheral Module (SPM)

Speech and Self-Service

SuperNode Data Manager

Survivable Remote Gateway (SRG) 50

Universal Access - AAL1

Universal Access - IP

VoIP Infrastructure Solutions

Wireless Network Management System (W-NMS)