Nortel Response to Microsoft Security Bulletin MS09-001
| Description: |
On Tuesday, Jan 13th, Microsoft released security update. MS09-001 - Vulnerabilities in SMB Could Allow Remote Code Execution (958687). This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. Some Nortel products contain this software as a component. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. MS09-001 addresses the following CVEs: 1. SMB Buffer Overflow Remote Code Execution Vulnerability - CVE-2008-4834 An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could take complete control of the system. Most attempts to exploit this vulnerability would result in a system denial of service condition, however remote code execution is theoretically possible. 2. SMB Validation Remote Code Execution Vulnerability - CVE-2008-4835 An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could cause the attacker to take complete control of the system. Most attempts to exploit this vulnerability would result in a system denial of service condition, however remote code execution is theoretically possible. 3. SMB Validation Denial of Service Vulnerability - CVE-2008-4114 A deni |
| Type: |
Security Advisories |
| Number: |
2009009284, Rev 1 |
| Status: |
Retired |
| Date: |
2009-07-17 |
