Avaya Support Forums

Avaya Support Forums (http://support.avaya.com/forums/index.php)
-   Enterprise PBX Communications Systems (http://support.avaya.com/forums/forumdisplay.php?f=7)
-   -   CM 5.2.1 vulnerability (http://support.avaya.com/forums/showthread.php?t=793)

alindquist 05-16-2011 11:43 AM

CM 5.2.1 vulnerability
 
Hello Everyone.
I have a number of CM 5.2.1 servers that are failing a secutrity audit. They have the "Caldera OpenLinux rpm_querryVulnerability". When I Google that, it says to go to the /home/httpd/cgi-bin directory and remove the component, but there is no such directory. Does anyone know of a patch or procedure for removing this vulnerability? Thanks.

mathew 06-19-2011 11:09 PM

Please open a ticket with Avaya support for this.

sumit007 05-25-2015 11:57 PM

Quote:

Originally Posted by alindquist (Post 2212)
Hello Everyone.
I have a number of CM 5.2.1 servers that are failing a secutrity audit. They have the "Caldera OpenLinux rpm_querryVulnerability". When I Google that, it says to go to the /home/httpd/cgi-bin directory and remove the component, but there is no such directory. Does anyone know of a patch or procedure for removing this vulnerability? Thanks.

Alin yes CM do have the cgi-bin directory. If you check the URL of CM - SMI interface it looks like
https://<IP ADDRESS of CM>/cgi-bin/

So if there any vulnerability then Avaya will patch it.

try to get CVE ID first and on behalf of that ask Avaya for the Support.

yadav29 05-26-2015 06:02 AM

HI,

please check the below link.

https://www.juniper.net/security/aut...vuln17587.html

Description:

The Linux kernel is prone to vulnerabilities regarding access to shared memory.

These vulnerabilities occur when shared-memory permissions are not properly validated.

The first issue allows attackers to replace portions of files containined in 'tmpfs' filesystems with zeros. Attackers utilize the 'madvise' system call to exploit this issue.

The second issue allows attackers to modify readonly portions of shared memory. Attackers utilize the 'mprotect' system call to exploit this issue.

An attacker can exploit these issues to possibly corrupt applications and their data when the applications use temporary files or shared memory.


All times are GMT -7. The time now is 02:18 PM.