Nortel Communication Server FTP CEL Command Remote DoS

2005-05-03T10:17:33
ID OSVDB:17618
Type osvdb
Reporter Michael Scheidell (scheidell@secnap.net)
Modified 2005-05-03T10:17:33

Description

Vulnerability Description

Nortel Communication Server 1000 contains a flaw that may allow a remote denial of service. The issue is triggered when the FTP CEL command is given with a parameter at least 2048 characters long, and results in loss of availability for the FTP service.

Solution Description

Upgrade to CS1000 Release 4.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2005/26/019261-01.pdf
Vendor Specific Advisory URL
Secunia Advisory ID: 15826
Related OSVDB ID: 13576
Nessus Plugin ID: 11185
Nessus Plugin ID: 11184
Keyword: vxworks
Keyword: voip
Keyword: windriver
Bugtraq ID: 6297