View Single Post
Old 02-19-2015, 02:45 PM
walmsls's Avatar
walmsls walmsls is offline
Join Date: Feb 2014
Location: Phoenix, AZ
Posts: 4
walmsls has 11 reputation points

I finally got a reply from the backbone engineer working on my support request. Here is their reply.

Below are the links for the Avaya Security Announcements that have been released in regards to CVE-2015-0235 glibc vulnerability (“street name” of GHOST).

RHEL4: ASA-2015-072 –
RHEL5 ASA-2015-070 -
RHEL6 ASA-2015-071 -

Depending on the products that you are currently using if they are at a supported software for example CM 6.3 the fixes are due in the next Security Pack which is expected by the end of March. This can change depending on testing, release dates changing, etc.

If the Product Software is End of Support there will be no fixes released and the software will need to be upgraded in order to receive the security fix.

Vulnerability for CVE-2015-0235 = MEDIUM

The risk is rated Medium for all listed products because the exploit would require local account access. Remote attack may not be possible, because either the DNS server is not running or the products sanitize the input and provide name resolution to trusted hosts only within the enterprise. Additionally, the known affected programs or utilities are not used and additional protection mechanisms are in place to protect the products from remote exploit.

So, it looks like wait for the end of March for a security patch...
ACSS Session Manager and System Manager
ACSS Communication Manager and CM Messaging
ACSS Call Center Elite
Reply With Quote