|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Mar 07 2007 - 05:02:05 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background
and experience in writing exploit code:
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
http://secunia.com/Disassembling_og_Reversing/
----------------------------------------------------------------------
TITLE:
Avaya CMS / IR Sun Solaris rm Race Condition Vulnerability
SECUNIA ADVISORY ID:
SA24405
VERIFY ADVISORY:
http://secunia.com/advisories/24405/
CRITICAL:
Less critical
IMPACT:
Manipulation of data, Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
Avaya Call Management System (CMS)
http://secunia.com/product/4615/
SOFTWARE:
Avaya Interactive Response 1.x
http://secunia.com/product/4767/
DESCRIPTION:
Avaya has acknowledged a vulnerability in Avaya CMS and IR, which can
be exploited by malicious, local users to perform certain actions with
escalated privileges.
For more information:
SA24082
The following versions are affected:
* Avaya CMS V9, V11, R12, and R13/R13.1
* Avaya IR 1.2.1, 1.3, 2.0 on Solaris 8 and Solaris 10
SOLUTION:
Avaya CMS:
A patch will reportedly be available once the vendor has tested and
approved the patch from Sun.
Avaya IR:
Install the latest Solaris patch cluster available from the
Interactive Response section.
http://support.avaya.com/japple/css/japple?PAGE=ProductArea&temp.productID=148128&temp.bucketID=108025
ORIGINAL ADVISORY:
http://support.avaya.com/elmodocs2/security/ASA-2007-102.htm
OTHER REFERENCES:
SA24082:
http://secunia.com/advisories/24082/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]