In association with heise online

17 October 2007, 17:01

Vulnerabilities in Avaya VoIP products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Several potentially serious vulnerabilities have been discovered in a number of products by VoIP specialist Avaya in the last few days. The vendor describes the bugs, which may allow attackers to remotely inject arbitrary code into vulnerable systems and obtain local root privileges, in its own advisories. Avaya provides a long list of affected products: Converged Communications Server, CVLAN, Integrated Management Suite (IMS), Intuity LX, Modular Messaging, Message Networking and SIP Enablement Services (SES).

The flaws are mainly security holes in components of the underlying Linux platforms which have already been resolved by their developers. Affected modules include the CUPS printing system, the Qt graphics library, the NFS network filing system and the graphics server. No patches appear to be available for the Avaya products so far. In an official statement, the vendor advises users to restrict physical and network access to vulnerable systems as far as possible until security updates have been released.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit