Security Advisory: [SA17255] Nortel Threat Protection System Back Orifice Pre-Processor Buffer Overflow

[EN] securityvulns.ru
no-pyccku

Related information
  snort intrusion detection system (IDS) buffer overflow
  Internet Security Systems Protection Advisory: Snort Back Orifice Parsing Remote Code Execution
  US-CERT Technical Cyber Security Alert TA05-291A -- Snort Back Orifice Preprocessor Buffer Overflow

From: SECUNIA <support_(at)_secunia.com>
Date: 19.10.2005
Subject: [SA17255] Nortel Threat Protection System Back Orifice Pre-Processor Buffer Overflow

TITLE:
Nortel Threat Protection System Back Orifice Pre-Processor Buffer
Overflow

SECUNIA ADVISORY ID:
SA17255

VERIFY ADVISORY:
http://secunia.com/advisories/17255/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

OPERATING SYSTEM:
Nortel Threat Protection System Defense Center
http://secunia.com/product/5932/
Nortel Threat Protection System Intrusion Sensor
http://secunia.com/product/5933/

DESCRIPTION:
Nortel Networks has acknowledged a vulnerability in two Threat
Protection System products, which can be exploited by malicious
people to compromise a vulnerable system.

For more information:
SA17220

The vulnerability affects the following products:
* Nortel Threat Protection System Intrusion Sensor 4.1
* Nortel Threat Protection System Defense Center 4.1

NOTE: Threat Protection System Defense Center is not directly
vulnerable, but includes a vulnerable version of Snort.

SOLUTION:
Apply Nortel TPS Snort Engine Update (SEU) #6.
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=SWDETAIL&Sof
twareOID=362101

ORIGINAL ADVISORY:
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&D
ocumentOID=362187&RenditionID=

OTHER REFERENCES:
SA17220:
http://secunia.com/advisories/17220/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

test server