Nortel response to 2 Sun Alerts regarding Solaris 10 potential security vulnerabilities

Description: Sun Microsystems has recently released the following 2 Sun Alerts:

1. Sun Alert 257008 - Vulnerability with the Solaris TCP/IP Networking Stack Involving the Cassini Gigabit-Ethernet Device
http://sunsolve.sun.com/search/document.do?assetkey=1-66-257008-1
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error in the TCP/IP networking stack related to the Cassini Gigabit-Ethernet Device Driver when handling jumbo frames, and it can be exploited to crash the system. Successful exploitation requires that a system uses a GigaSwift Ethernet Adapter interface configured to accept jumbo frames with hardware check-summing enabled.

2. Sun Alert 258828 - Memory Leak in the Solaris Ultra-SPARC T2 crypto provider device driver (n2cp(7D))
http://sunsolve.sun.com/search/document.do?assetkey=1-66-258828-1
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users and potentially malicious people to cause a DoS (Denial of Service). The vulnerability is caused by a memory leak in the Solaris Ultra-SPARC T2 crypto provider device driver.

Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected.

This bulletin addresses the following CVEs:

1) CVE-2009-2136 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2136)
Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_117, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames.

2) CVE-2009-2137 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2137)
Memory leak in the Ultra-SPARC T
Type: Security Advisories
Number: 2009009601, Rev 1
Status: Active
Date: 2009-07-09


Bulletin Downloads
Title: Nortel response to 2 Sun Alerts regarding Solaris 10 potential security vulnerabilities
Extension: pdf
File Size: 20639 bytes
Language: English
Checksum: 2c79e975e3c161b9f586be829f2760ba  [MD5]

Associated Products
Media Processing Server (MPS) 1000
Periphonics Common Channel Signaling Server (CCSS)
Periphonics PeriToolsWorkstation
Periphonics Speech Platform
Self-Service Portfolio
Speech and Self-Service