[RHSA-2005-583] Low: dump security update

Original Release Date: August 14, 2006
Last Revised: September 13, 2007
Number: ASA-2006-156
Risk Level: Low
Advisory Version: 2.0
Advisory Status: Final

1. Overview:

Dump is a utility which examines files and filesystems, and saves information out to storage.

A flaw was found with dump file locking. A local attacker could manipulate a file lock to cause dump not to run on that file. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2002-1914 to this issue.

More information about these vulnerabilities can be found in the security advisory issued by Red Hat Linux:

2. Avaya System Products with dump installed:

Product: Avaya S87XX/S8500/S8300
Affected Version(s): Versions prior to CM 3.1
Risk Level: Low
Actions: A newer version of dump has been included in CM 3.1 and greater. Avaya recommends upgrading to CM 3.1 or greater to address this vulnerability.

Product: Avaya Intuity LX
Affected Version(s): All
Risk Level: Low
Actions: A newer version of dump has been included in Intuity LX 2.0 and greater. Avaya recommends upgrading to Intuity LX 2.0 or greater to address this vulnerability.

Product: Avaya Messaging Storage Server
Affected Version(s): All
Risk Level: Low
Actions: A newer version of dump has been included in Messaging Storage Server 3.0 and greater. Avaya recommends upgrading to Messaging Storage Server 3.0 or greater to address this vulnerability.

Product: Avaya Message Networking
Affected Version(s): All
Risk Level: Low
Actions: A newer version of dump has been included in Messaging Networking 3.0 and greater. Avaya recommends upgrading to Messaging Networking 3.0 or greater to address this vulnerability.

3. Additional Information:

Additional information may also be available via the Avaya support website and through your Avaya account representative. Please contact your Avaya product support representative, or dial 1-800-242-2121, with any questions.

4. Disclaimer:

ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED "AS IS". AVAYA INC., ON BEHALF OF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES (HEREINAFTER COLLECTIVELY REFERRED TO AS "AVAYA"), DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE STEPS RECOMMENDED WILL ELIMINATE SECURITY OR VIRUS THREATS TO CUSTOMERS' SYSTEMS. IN NO EVENT SHALL AVAYA BE LIABLE FOR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE INFORMATION OR RECOMMENDED ACTIONS PROVIDED HEREIN, INCLUDING DIRECT, INDIRECT, CONSEQUENTIAL DAMAGES, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF AVAYA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

THE INFORMATION PROVIDED HERE DOES NOT AFFECT THE SUPPORT AGREEMENTS IN PLACE FOR AVAYA PRODUCTS. SUPPORT FOR AVAYA PRODUCTS CONTINUES TO BE EXECUTED AS PER EXISTING AGREEMENTS WITH AVAYA.

5. Revision History:

V 1.0 - August 14, 2006 - Initial Statement issued.
V 2.0 - September 13, 2007 - Updated recommended actions for IALX, MM, and MN. Changed advisory status to final.

Send information regarding any discovered security problems with Avaya products to either the contact noted in the product's documentation or securityalerts@avaya.com.

© 2006 Avaya Inc. All Rights Reserved. All trademarks identified by the ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.