Nortel Response to Microsoft Security Bulletin MS08-060
| Description: |
On October 14th, 2008, Microsoft released a security update MS08-060 - Vulnerability in Active Directory Could Allow Remote Code Execution (957280). Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS08-060 addresses the following vulnerability: Active Directory Overflow Vulnerability - CVE-2008-4023 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4023) A remote code execution vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability is due to incorrect memory allocation when receiving specially crafted LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system. Please refer to the MS08-060 link in the Source section for additional information on workarounds and mitigating factors. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic |
| Type: |
Security Advisories |
| Number: |
2008009124, Rev 1 |
| Status: |
Retired |
| Date: |
2009-05-29 |
