Avaya Cajun P330, P130, and G700 Media Gateway packet denial of service
| avaya-packet-dos (12356) |  Low Risk |
Description:
The Avaya Cajun P330 series switches and the Avaya G700 Media Gateway Library are vulnerable to a denial of service. By establishing a connection to a specific TCP or UDP port on the device and sending a malformed packet, a remote attacker can cause the device to reset, which would deny access to legitimate users.
Consequences:
Denial of Service
Remedy:
For Avaya Cajun P330:
Upgrade to the latest version of firmware (4.0 or later), available from the Avaya Support Web page. See References.
For G700 Media Gateway:
Upgrade to the latest version of firmware, when it becomes available from the Avaya Support Web page. See References.
— OR —
For Avaya Cajun P130 and G700 Media Gateway:
As a workaround, block inbound connections from untrusted sources through the firewall to the device.
References:
- Avaya Security Advisories Web site: Avaya P330/P130 and G700 possible denial of service vulnerability.
- Avaya Support Web site: Avaya - Support Centre.
- BugTraq Mailing List, Wed Jun 18 2003 - 12:16:03 CDT: Denial of service in Cajun P13x/P33x switch family firmware 3.x.
- BID-7961: Avaya Cajun Network Switch Connection Stalling Denial Of Service Vulnerability
Platforms Affected:
- Avaya Cajun P130
- Avaya Cajun P133
- Avaya Cajun P330
- Avaya Cajun P333
- Avaya G700 Media Gateway 3.0
Reported:
Jun 17, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net