Avaya Support Forums  

Go Back   Avaya Support Forums > Avaya Aura & Unified Communications

Thread Tools Search this Thread Display Modes
Old 02-19-2015, 03:45 PM
walmsls's Avatar
walmsls walmsls is offline
Join Date: Feb 2014
Location: Phoenix, AZ
Posts: 4
walmsls has 11 reputation points

I finally got a reply from the backbone engineer working on my support request. Here is their reply.

Below are the links for the Avaya Security Announcements that have been released in regards to CVE-2015-0235 glibc vulnerability (“street name” of GHOST).

RHEL4: ASA-2015-072 – https://downloads.avaya.com/css/P8/documents/101006705
RHEL5 ASA-2015-070 - https://downloads.avaya.com/css/P8/documents/101006702
RHEL6 ASA-2015-071 - https://downloads.avaya.com/css/P8/documents/101006704

Depending on the products that you are currently using if they are at a supported software for example CM 6.3 the fixes are due in the next Security Pack which is expected by the end of March. This can change depending on testing, release dates changing, etc.

If the Product Software is End of Support there will be no fixes released and the software will need to be upgraded in order to receive the security fix.

Vulnerability for CVE-2015-0235 = MEDIUM

The risk is rated Medium for all listed products because the exploit would require local account access. Remote attack may not be possible, because either the DNS server is not running or the products sanitize the input and provide name resolution to trusted hosts only within the enterprise. Additionally, the known affected programs or utilities are not used and additional protection mechanisms are in place to protect the products from remote exploit.

So, it looks like wait for the end of March for a security patch...
ACSS Session Manager and System Manager
ACSS Communication Manager and CM Messaging
ACSS Call Center Elite
Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -7. The time now is 02:06 AM.

This Forum is provided solely for the use and convenience of Avaya customers and partners. Use of the Forum is subject to the Terms and Use and Privacy Statement found at www.avaya.com. No other use is permitted. The Forum including all content posted is “AS IS” and Avaya expressly disclaims all warranties and/or guarantees as to its accuracy, reliability, usefulness, quality or non-infringement of intellectual property. Avaya reserves the right to remove any content posted on the Forum at any time and for whatever reason.

Avaya will not be liable for any content posted on this Forum, including, without limitation, any errors or omissions or for any losses or damages of any kind incurred as a result of use or reliance on any content, regardless of its origin.

You expressly understand and agree that you assume all risks associated with use or reliance on this content.