New Sun Alert Notifications from Sun Microsystems have been issued and are described below. Issues which have been resolved by Sun Microsystems have been indicated as such. Notifications without a resolution may have restrictions to additional information on the sunsolve.sun.com website.
Avaya System Products using a Sun Microsystems Operating System:
Avaya system products include an Operating System with the product when it is
delivered. The Avaya Call Management System (CMS) and the
Avaya Interactive Response (IR) are both shipped with an
operating system from Sun Microsystems. Actions to be taken on those
products are described below.
Recommended Actions:
Follow the recommended actions for each
notification described below. This advisory will be updated as additional
information becomes available.
Sun Advisory: | Affected S/W Version | Risk | Comments or Recommended Actions |
---|---|---|---|
102606 | CMS - All IR - 2.0 |
None | CMS does not use Solaris 10 and IR 2.0 does not use link aggregation in Solaris 10. |
102636 | CMS - All IR - All |
None | Neither CMS or IR install or use the Veritas Oracle Disk Manager software. |
102640 | CMS - All IR - 2.0 |
CMS - None IR - Low |
CMS does not use the Solaris 10 platform IR is currently testing patches and will advise when they are available. |
102648 | CMS - All IR - All |
CMS - None IR - Low |
CMS does not utilize the products listed. IR is vulnerable and is awaiting a patch from Sun. |
102651 | CMS - All IR - All |
None | Neither CMS or IR utilize the Sun Fire T1000 or T2000 platforms. |
102652 | CMS - V9, V11, R12, R13/R13.1 IR - 2.0 |
CMS - Low IR - None |
CMS - For CMS V9 and V11 systems install patch 111844-04. For
CMS R12 and R13/R13.1 install patch 124830-01. IR - IR is not affected by this issue however customers can use the workaround detailed in "Workarounds" below until a patch becomes available. |
102655 | CMS - All IR - All |
None | Neither CMS or IR utilize Sun Brocade Switches. |
102657 | CMS - All IR - All |
None | Neither CMS or IR install and/or use the Sun Global Desktop Software. |
Two workarounds for Sun Alert ID 102652 are provided below (as provided by
the Sun Alert). Select one of the two to implement.
A) Use an alternate login mechanism such as dtlogin(1) or if using Solaris
10, gdm(1).
or:
B) Modify the xdm(1) configuration file, xdm-config, and create a new
Xsession file using the following commands as the root user:
# cd /usr/openwin/lib/X11/xdm
# mv xdm-config xdm-config.orig
# sed -e 's/cp \/dev\/null "$errfile"/umask 077 \&\& cp \/dev\/null
"$errfile"/' Xsession > /etc/X11/Xsession
# sed -e 's/\/usr\/openwin\/lib\/X11\/xdm\/Xsession/\/etc\/X11\/Xsession/'
xdm-config.orig > xdm-config
then restore executable permissions to the file by running the following
command:
# chmod 755 Xsession
Additional information may also be available via the Avaya support website and through your Avaya account representative. Please contact your Avaya product support representative, or dial 1-800-242-2121, with any questions.
ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED "AS IS". AVAYA INC., ON BEHALF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES (HEREINAFTER COLLECTIVELY REFERRED TO AS "AVAYA"), DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE STEPS RECOMMENDED WILL ELIMINATE SECURITY OR VIRUS THREATS TO CUSTOMERS' SYSTEMS. IN NO EVENT SHALL AVAYA BE LIABLE FOR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE INFORMATION OR RECOMMENDED ACTIONS PROVIDED HEREIN, INCLUDING DIRECT, INDIRECT, CONSEQUENTIAL DAMAGES, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF AVAYA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
THE INFORMATION PROVIDED HERE DOES NOT AFFECT THE SUPPORT AGREEMENTS IN PLACE FOR AVAYA PRODUCTS. SUPPORT FOR AVAYA PRODUCTS CONTINUES TO BE EXECUTED AS PER EXISTING AGREEMENTS WITH AVAYA.
V 1.0 - November 17, 2006 - Initial Statement issued.
V 2.0 - August 16, 2007 - Updated CMS response for Sun Alert ID 102652 to
include approved patches.
Send information regarding any discovered security problems with Avaya products to either the contact noted in the product's documentation or [email protected].
© 2006 Avaya Inc. All Rights Reserved. All trademarks identified by the ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.