Alcatel-Lucent Security Advisory No. SA0049 Ed. 04
Reinforcing Security on 4635 Voicemail Systems –
Complementary Information to TC 1774

Summary
This security advisory provides information complementing the security measures described in
Technical Communication N° 1774 for protecting OmniPCX Enterprise voicemail solutions against toll
fraud and voicemail phreaking attacks.

Concerned products
OmniPCX Enterprise
OmniMessage™ 4635

Description of the advisory


Technical Communication N° 1774 details the management guidelines to prevent hacking of the A4635
voice messaging systems. Such hacking may cause financial damage to our end customers.
For these procedures to be fully operational, it is mandatory to upgrade the OmniPCX Enterprise
to the patch level indicated below:
• OmniPCX Enterprise R9.1: Hotfix available on i1.605.41
• OmniPCX Enterprise R10.0: J1.410.63.a
• OmniPCX Enterprise R10.1.1: J2.603.31a
• OmniPCX Enterprise R11.0: K1.400.33b
• OmniPCX Enterprise R11.0.1: K1.520.22.f

Alcatel-Lucent strongly recommends upgrading immediately to the indicated OmniPCX Enterprise patch level
on all concerned customer systems.

Impacts
Potential security impacts are detailed in the corresponding Technical Communication N° 1774.
When specific notification operations that allow automatic callback to a preconfigured number are
configured in the voicemail application, it was possible for a legitimate user to place external calls that
did not comply with his configured restriction rules. After the fix, notification to an external number follows the
set restriction rules. Note that this misbehavior can NOT be exploited by unregistered users or by users who do
not have access to such notification functions in the voicemail application.

Solutions
Apply the software patches corresponding to your OmniPCX Enterprise release:
• OmniPCX Enterprise R9.1: Hotfix available on i1.605.41
• OmniPCX Enterprise R10.0: J1.410.63.a
• OmniPCX Enterprise R10.1.1: J2.603.31a
• OmniPCX Enterprise R11.0: K1.400.33b
• OmniPCX Enterprise R11.0.1: K1.520.22.f
Software patches are available on the Alcatel-Lucent Enterprise Business Portal,
https://businessportal.alcatel-lucent.com (click on software-download).

History
Ed.01 (2014 May 19th): document creation
Ed.02 (2014 May 20th)
Ed.03 (2014 June 05th): concerns only OmniMessage™ 4635
Ed.04 (2014 June 30th): Hotfix in Release R9.1
