-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2009.1193
             Avaya Multiple products: Multiple vulnerabilities
                              18 August 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Avaya Communication Manager
                   Avaya Intuity AUDIX LX
                   Avaya Message Storage Server
                   Avaya Message Networking
                   Avaya SIP Enablement Services
                   Avaya Voice Portal VP
                   Avaya Meeting Exchange
                   Avaya Proactive Contact
                   Avaya AES
Publisher:         Avaya
Operating System:  Network Appliance
Impact/Access:     Denial of Service               -- Remote/Unauthenticated
                   Execute Arbitrary Code/Commands -- Existing Account      
                   Increased Privileges            -- Existing Account      
                   Access Confidential Data        -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-1758 CVE-2009-1630 CVE-2009-1385
                   CVE-2009-1192 CVE-2009-1072 

Reference:         ESB-2009.1001.2

Original Bulletin: 
   http://support.avaya.com/elmodocs2/security/ASA-2009-277.htm

- --------------------------BEGIN INCLUDED TEXT--------------------

kernel security and bug fix update (RHSA-2009-1132)

Original Release Date: July 17, 2009 
Last Revised: July 17, 2009 
Number: ASA-2009-277 
Risk Level: Medium 
Advisory Version: 1.0 
Advisory Status: Interim

1. Overview:

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

These updated packages fix the following security issues:

* a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. 
Frames with sizes near the MTU of an interface may be split across multiple 
hardware receive descriptors. Receipt of such a frame could leak through a 
validation check, leading to a corruption of the length check. A remote 
attacker could use this flaw to send a specially-crafted packet that would 
cause a denial of service. The Common Vulnerabilities and Exposures project 
(cve.mitre.org) has assigned the name CVE-2009-1385 to this issue.

* the Linux kernel Network File System daemon (nfsd) implementation did not 
drop the CAP_MKNOD capability when handling requests from local, unprivileged
users. This flaw could possibly lead to an information leak or privilege 
escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) 
has assigned the name CVE-2009-1072 to this issue.

* the NFSv4 client was missing a file permission check for the execute bit in
some situations. This could allow local, unprivileged users to run 
non-executable files on NFSv4 mounted file systems. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CVE-2009-1630 to 
this issue.

* a missing check was found in the hypervisor_callback() function in the Linux
kernel provided by the kernel-xen package. This could cause a denial of 
service of a 32-bit guest if an application running in that guest accesses a 
certain memory location in the kernel. The Common Vulnerabilities and 
Exposures project (cve.mitre.org) has assigned the name CVE-2009-1758 to this
issue.

* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and 
agp_generic_alloc_pages() functions did not zero out the memory pages they 
allocate, which may later be available to user-space processes. This flaw 
could possibly lead to an information leak. The Common Vulnerabilities and 
Exposures project (cve.mitre.org) has assigned the name CVE-2009-1192 to this
issue.

More information about these vulnerabilities can be found in the security 
advisory issued by RedHat Linux:

    * https://rhn.redhat.com/errata/RHSA-2009-1132.html

2. Avaya System Products with kernel installed: 

Product: 
Affected Version(s): 
Risk Level: 
Actions:

Avaya Communication Manager
All 
Medium 
See recommended actions below. This issue will be addressed in accordance with
section five of Avaya's Product Security Vulnerability Response Policy
   
Avaya Intuity AUDIX LX 
IALX 2.0, 2.0 SP1, 2.0 SP2 
Medium 
This advisory will not be addressed by Intuity AUDIX LX.
   
Avaya Message Storage Server 
MSS 3.x, 4.x, 5.x 
Medium 
See recommended actions below. This issue will be addressed in accordance with
section five of Avaya's Product Security Vulnerability Response Policy

Avaya Message Networking
MN 3.1
Medium
See recommended actions below. This issue will be addressed in accordance with
section five of Avaya's Product Security Vulnerability Response Policy
   
Avaya SIP Enablement Services 
All 
Medium 
See recommended actions below. This issue will be addressed in accordance with
section five of Avaya's Product Security Vulnerability Response Policy
   
Avaya Voice Portal VP 
4.x 
Medium 
See recommended actions below. This issue will be addressed in accordance with
section five of Avaya's Product Security Vulnerability Response Policy
   
Avaya Meeting Exchange 
MX 5.0 GA, 5.0 SP1, 5.0 SP2, 5.1 GA, 5.1 SP1
Medium 
See recommended actions below. This issue will be addressed in accordance with
section five of Avaya's Product Security Vulnerability Response Policy
   
Avaya Proactive Contact 
PC 4.x 
Low 
See recommended actions below. This issue will be addressed in accordance with
section five of Avaya's Product Security Vulnerability Response Policy
   
Avaya AES 
AES 4.x 
Medium 
See recommended actions below.  This issue will be addressed in accordance 
with section five of Avaya's Product Security Vulnerability Response 
Policy


Recommended Actions: 

Avaya strongly recommends that customers follow networking and security best 
practices by implementing firewalls, ACLs, physical security or other 
appropriate access restrictions. Though Avaya believes such restrictions 
should always be in place; risk to Avaya's product and the surrounding network
from this potential vulnerability may be mitigated by ensuring these practices
are implemented until such time as a product update is available. Further 
restrictions as deemed necessary based on the customer's security policies may
be required during this interim period.


3. Avaya Software-Only Products:

Avaya software-only products operate on general-purpose operating systems. 
Occasionally vulnerabilities may be discovered in the underlying operating 
system or applications that come with the operating system. These 
vulnerabilities often do not impact the software-only product directly but may
threaten the integrity of the underlying platform.

In the case of this advisory Avaya software-only products are not affected by
the vulnerability directly but the underlying Linux platform may be. Customers
should determine on which Linux operating system the product was installed and
then follow that vendor's guidance.

Product:	               Actions:
CVLAN             Depending on the Operating System provided by customers, 
                  the affected package may be installed on the underlying 
                  Operating System supporting the CVLAN application.

Avaya Integrated  Depending on the Operating System provided by customers, 
Management Suite  the affected package may be installed on the underlying 
(IMS)	          Operating System supporting the IMS application.

Voice Portal	  Depending on the Operating System provided by customers, 
                  the affected package may be installed on the underlying 
                  Operating System supporting the Voice Portal application.

AES 4.x	          Depending on the Operating System provided by customers, 
                  the affected package may be installed on the underlying 
                  Operating System supporting the AES application.


Recommended Actions: 
In the event that the affected package is installed, Avaya recommends that 
customers follow recommended actions supplied by RedHat Linux.

4. Additional Information:

Additional information may also be available via the Avaya support website and
through your Avaya account representative. Please contact your Avaya product 
support representative, or dial 1-800-242-2121, with any questions. 

5. Disclaimer:

ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS 
PROVIDED "AS IS". AVAYA INC., ON BEHALF ITSELF AND ITS SUBSIDIARIES AND 
AFFILIATES (HEREINAFTER COLLECTIVELY REFERRED TO AS "AVAYA"), DISCLAIMS ALL 
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND 
FURTHERMORE, AVAYA MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE STEPS 
RECOMMENDED WILL ELIMINATE SECURITY OR VIRUS THREATS TO CUSTOMERS' SYSTEMS. IN
NO EVENT SHALL AVAYA BE LIABLE FOR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN
CONNECTION WITH THE INFORMATION OR RECOMMENDED ACTIONS PROVIDED HEREIN, 
INCLUDING DIRECT, INDIRECT, INCIDENTAL, STATUTORY, CONSEQUENTIAL DAMAGES, LOSS
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF AVAYA HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

THE INFORMATION PROVIDED HERE DOES NOT AFFECT THE SUPPORT AGREEMENTS IN PLACE
FOR AVAYA PRODUCTS. SUPPORT FOR AVAYA PRODUCTS CONTINUES TO BE EXECUTED AS PER
EXISTING AGREEMENTS WITH AVAYA. 

6. Revision History:

V 1.0 - July 17, 2009 - Initial Statement issued.

Send information regarding any discovered security problems with Avaya 
products to either the contact noted in the product's documentation or 
securityalerts@avaya.com.

 2009 Avaya Inc. All Rights Reserved. All trademarks identified by the or are
registered trademarks or trademarks, respectively, of Avaya Inc. All other 
trademarks are the property of their respective owners.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://www.auscert.org.au/1967

iD8DBQFKigqWNVH5XJJInbgRAoBfAJ9iyDHKWj8hgKYLtZKTIlZ+1lZMvwCeJHXs
54cxTT96bfZHMfkn/lyvlHg=
=wvsI
-----END PGP SIGNATURE-----