TITLE:
Nortel Contact Center Manager Administration Security Bypass and Information Disclosure

SECUNIA ADVISORY ID:
SA35099

VERIFY ADVISORY:
http://secunia.com/advisories/35099/

DESCRIPTION:
Two vulnerabilities have been reported in Nortel Contact Center Manager Administration, which can be exploited by malicious users to gain escalated privileges and by malicious people to disclose sensitive information.

1) An error in the processing of SOAP queries can be exploited via a certain SOAP request to disclose the password of the user account that is used to connect to the Contact Center Manager Server.

2) An error in the handling of cookies within the Nortel Contact Center Manager Administration web application can be exploited to gain escalated privileges by modifying cookies that are used to determine the roles of authenticated users.

SOLUTION:
Apply update CCMA_6.0_DP_060229 and CCMA_6.0_DP_060224.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Bernhard Muller and David Matscheko of SEC Consult.

ORIGINAL ADVISORY:
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/19/024777-01.pdf
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/19/024778-01.pdf

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.