---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Nortel CallPilot Web VPN Same Origin Policy Bypass SECUNIA ADVISORY ID: SA37789 VERIFY ADVISORY: http://secunia.com/advisories/37789/ DESCRIPTION: A vulnerability has been reported in Nortel CallPilot, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the web-based VPN implementation prepending the same domain to all opened websites. This can be exploited to bypass a browser's same origin policy and e.g. access cookies for normally restricted domains by tricking a user into browsing to a malicious website via the VPN. The vulnerability is reported in CallPilot 201i, 202i, 600r, 703t, 1002rp, and 1005r. SOLUTION: The vendor recommends to avoid browsing other web sites while logged in to CallPilot Manager or My CallPilot. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Michal Zalewski and Mike Zusman for the original report. Additional vulnerability details provided by David Warren and Ryan Giobbi of US-CERT. ORIGINAL ADVISORY: Nortel: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744 US-CERT VU#261869: http://www.kb.cert.org/vuls/id/261869 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------