Vulnerability-Lookup

CERTA-2005-AVI-244

Vulnerability from certfr_avis - Published: 2005-07-06 - Updated: 2005-07-06

Une vulnérabilité affectant de nombreux produits Nortel permet à un utilisateur distant mal intentionné d'effectuer un déni de service.

Description

Cette vulnérabilité permet à une personne malveillante de réaliser à distance un déni de service en forçant le redémarrage de l'équipement vulnérable, au moyen d'un paquet IKE malicieusement construit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	VPN Router série 1000 ;
N/A	N/A	VPN Router série 4000 ;
N/A	N/A	Connectivity 4600 Secure IP Services Gateway ;
N/A	N/A	Connectivity 1600 Secure IP Services Gateway ;
N/A	N/A	Connectivity 4500 VPN Switch ;
N/A	N/A	Connectivity 1500 VPN Switch ;
N/A	N/A	Connectivity 4000 VPN Switch ;
N/A	N/A	VPN Router série 2000 ;
N/A	N/A	Connectivity 1000 VPN Switch ;
N/A	N/A	Connectivity 2000 VPN Switch ;
N/A	N/A	VPN Router série 5000 ;
N/A	N/A	Connectivity 2500 VPN Switch ;
N/A	N/A	VPN Router série 600 ;
N/A	N/A	VPN Router Portfolio ;
N/A	N/A	Connectivity 2600 Secure IP Services Gateway ;

References

Title

Publication Time

Tags

Bulletin de sécurité Nortel #2005006047 du 05 juillet 2005

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VPN Router s\u00e9rie 1000 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "VPN Router s\u00e9rie 4000 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Connectivity 4600 Secure IP Services Gateway ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Connectivity 1600 Secure IP Services Gateway ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Connectivity 4500 VPN Switch ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Connectivity 1500 VPN Switch ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Connectivity 4000 VPN Switch ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "VPN Router s\u00e9rie 2000 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Connectivity 1000 VPN Switch ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Connectivity 2000 VPN Switch ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "VPN Router s\u00e9rie 5000 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Connectivity 2500 VPN Switch ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "VPN Router s\u00e9rie 600 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "VPN Router Portfolio ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Connectivity 2600 Secure IP Services Gateway ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 une personne malveillante de r\u00e9aliser \u00e0\ndistance un d\u00e9ni de service en for\u00e7ant le red\u00e9marrage de l\u0027\u00e9quipement\nvuln\u00e9rable, au moyen d\u0027un paquet IKE malicieusement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2005-07-06T00:00:00",
  "last_revision_date": "2005-07-06T00:00:00",
  "links": [],
  "reference": "CERTA-2005-AVI-244",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-07-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 affectant de nombreux produits Nortel permet \u00e0 un\nutilisateur distant mal intentionn\u00e9 d\u0027effectuer un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Nortel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Nortel #2005006047 du 05 juillet 2005",
      "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=SECUREADVISORY"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted