User's Manual

ManualsBrandsAvaya ManualsNetworkingVU#261869:

Source:

US-CERT Vulnerability Note on the Clientless SSL VPN

Security Issues at: http://www.kb.cert.org/vuls/id/261869

CVE-2009-2631 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2631

CERT- Coordination Center CA-200-02 is available at:

http://www.cert.org/advisories/CA-2000-02.html#impact

BULLETIN ID: 2009009920, Rev 1

PUBLISHED: 2009-12-15

STATUS: Active

REGION: All

PRIORITY: Critical

TYPE: Security Advisory

Overview:

Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security

mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks.

By convincing a user to view a specially crafted web page, a remote attacker may be able to obtain VPN session tokens

and read or modify content (including cookies, script, or HTML content) from any site accessed through the clientless SSL

VPN. This effectively eliminates same origin policy restrictions in all browsers. Because all content

runs at the privilege level of the web VPN domain, mechanisms to provide domain-based content restrictions, such as

Internet Explorer security zones and the Firefox add-on NoScript, may be bypassed. For example, the attacker may be

able to capture keystrokes while a user is interacting with a web page. For additional information about

impacts, please review CERT Advisory CA-2000-02.

There is no solution to this problem. Depending on their specific configuration and location in the network these devices

may be impossible to operate securely. Administrators are encouraged to view the workarounds detailed in the Solutions

section of the US-CERT Vulnerability Note for the following:

1. Limit URL rewriting to trusted domains

2. Block the VPN server from accessing untrusted domains

3. Disable URL hiding features

Before taking any action please ensure that you are viewing the latest official version of this security advisory by

referencing http://www.nortel.com/securityadvisories

For more information:

Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region.

Nortel security advisories: http://nortel.com/securityadvisories

Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic

>TECHNICAL SUPPORT

. SECURITY ADVISORY BULLETIN

Nortel Enterprise Response to VU#261869: Clientless SSL VPN Security Issue

Summary of content (9 pages)

PAGE 1
. >TECHNICAL SUPPORT . SECURITY ADVISORY BULLETIN . . Nortel Enterprise Response to VU#261869: Clientless SSL VPN Security Issue Source: US-CERT Vulnerability Note on the Clientless SSL VPN Security Issues at: http://www.kb.cert.org/vuls/id/261869 CVE-2009-2631 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2631 CERT- Coordination Center CA-200-02 is available at: http://www.cert.org/advisories/CA-2000-02.
PAGE 2
NORTEL ENTERPRISE RESPONSE TO VU#261869: CLIENTLESS SSL VPN SECURITY ISSUE 2009009920, REV 1 Symptoms: Please refer to the Resolution section herein for product-specific information from Nortel. Prevention: Please refer to the Resolution section herein for product-specific information from Nortel. Mitigation: Please refer to the US-CERT link in the Source section for mitigation information for the various vulnerabilities addressed by the US-CERT advisory.
PAGE 3
NORTEL ENTERPRISE RESPONSE TO VU#261869: CLIENTLESS SSL VPN SECURITY ISSUE 2009009920, REV 1 Contact Center - Remote Agent Observe . Contact Center portfolio products have no dependency on any affected Clientless SSL VPN products and the vulnerability is not applicable to any Contact Center portfolio products. Call Center - Symposium Agent, TAPI Server .
PAGE 4
NORTEL ENTERPRISE RESPONSE TO VU#261869: CLIENTLESS SSL VPN SECURITY ISSUE 2009009920, REV 1 Norstar Peripherals - Norstar VoIP Gateway . Clientless SSL is not used on any Norstar products. Hence, the Norstar KSUs and Norstar applications are not affected by the Clientless SSL VPN products break web browser's domain-based security models potential vulnerability.
PAGE 5
NORTEL ENTERPRISE RESPONSE TO VU#261869: CLIENTLESS SSL VPN SECURITY ISSUE 2009009920, REV 1 BCM-BCM-BCM50 Global BCM-BCM-BCM50 N.A. BCM-BCM-BCM50 R2 Global BCM-BCM-BCM50 R2 N.A. BCM-BCM-BCM50 R3 Global BCM-BCM-BCM50 R3 N.A. BCM-BCM-BCM50a Global BCM-BCM-BCM50a N.A. BCM-BCM-BCM50a R2 Global BCM-BCM-BCM50a R2 N.A. BCM-BCM-BCM50a R3 Global BCM-BCM-BCM50a R3 N.A.
PAGE 6
NORTEL ENTERPRISE RESPONSE TO VU#261869: CLIENTLESS SSL VPN SECURITY ISSUE 2009009920, REV 1 BCM-BCM-SRG50b 3.
PAGE 7
NORTEL ENTERPRISE RESPONSE TO VU#261869: CLIENTLESS SSL VPN SECURITY ISSUE 2009009920, REV 1 Ethernet Rtng Switch-Ethrnt Rtng Swt 8300-Ethernet Rtng Switch 8393SF Ethernet Rtng Switch-Ethrnt Rtng Swt 8300-Ethernet Rtng Switch 8394SF Ethernet Rtng Switch-Ethrnt Rtng Swt 8600-Ethernet Rtng Switch 8600 Ethernet Rtng Switch-Ethrnt Rtng Swt 8600-Ethernet Rtng Switch 8661 Ethernet Rtng Switch-Ethrnt Rtng Swt 8300-Ethernet Rtng Switch8324GTX Ethernet Rtng Switch-Ethrnt Rtng Swt 8300-Ethernet Rtng Switch8348GTX E
PAGE 8
NORTEL ENTERPRISE RESPONSE TO VU#261869: CLIENTLESS SSL VPN SECURITY ISSUE 2009009920, REV 1 Secure Ntwk Access-Switch 4000-Secure Ntwk Access Swt 4050 Secure Ntwk Access-Switch 4000-Secure Ntwk Access Swt 4070 Secure Router-1000-Secure Router 1001 Secure Router-1000-Secure Router 1002 Secure Router-1000-Secure Router 1004 Secure Router-2000-Secure Router 2330 Secure Router-3100-Secure Router 3120 Secure Router-4100-Secure Router 4134 Secure Router-8000-Secure Router 8002 Secure Router-8000-Secure Router
PAGE 9
NORTEL ENTERPRISE RESPONSE TO VU#261869: CLIENTLESS SSL VPN SECURITY ISSUE 2009009920, REV 1 WLAN-2300-WLAN Security Switch 2382 To view the most recent version of this bulletin, access technical documentation, search our knowledge base, or to contact a Technical Support Representative, please visit Nortel Technical Support on the web at: http://support.nortel.com/. You may also sign up to receive automatic email alerts when new bulletins are published.