Avaya Support Forums  

  #1  
05-16-2011, 10:43 AM
alindquist
CM 5.2.1 vulnerability

Hello Everyone.
I have a number of CM 5.2.1 servers that are failing a security audit. They have the "Caldera OpenLinux rpm_querryVulnerability". When I Google that, it says to go to the /home/httpd/cgi-bin directory and remove the component, but there is no such directory. Does anyone know of a patch or procedure for removing this vulnerability? Thanks.
  #2  
06-19-2011, 10:09 PM
mathew

Please open a ticket with Avaya support for this.
  #3  
05-25-2015, 10:57 PM
sumit007

Quote:
Originally Posted by alindquist
Hello Everyone.
I have a number of CM 5.2.1 servers that are failing a security audit. They have the "Caldera OpenLinux rpm_querryVulnerability". When I Google that, it says to go to the /home/httpd/cgi-bin directory and remove the component, but there is no such directory. Does anyone know of a patch or procedure for removing this vulnerability? Thanks.

Alin, yes, CM does have the cgi-bin directory. If you check the URL of the CM SMI interface, it looks like
https://<IP ADDRESS of CM>/cgi-bin/

So if there is any vulnerability, then Avaya will patch it.

Try to get the CVE ID first and, on the basis of that, ask Avaya for support.
__________________
S.S.
  #4  
05-26-2015, 05:02 AM
yadav29

Hi,

Please check the link below.

https://www.juniper.net/security/aut...vuln17587.html

Description:

The Linux kernel is prone to vulnerabilities regarding access to shared memory.

These vulnerabilities occur when shared-memory permissions are not properly validated.

The first issue allows attackers to replace portions of files contained in 'tmpfs' filesystems with zeros. Attackers utilize the 'madvise' system call to exploit this issue.

The second issue allows attackers to modify read-only portions of shared memory. Attackers utilize the 'mprotect' system call to exploit this issue.

An attacker can exploit these issues to possibly corrupt applications and their data when the applications use temporary files or shared memory.
__________________
Rao