Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow

2008-10-06 / 2008-10-07
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

==================================================
Layered Defense Research Advisory 12 August 2008
==================================================
1) Affected Product
Alcatel-Lucent OmniSwitch products
OS7000
OS6600
OS6800
OS6850
OS9000
==================================================
2) Severity
Rating: critical
Impact: Remotely exploitable without authentication.
==================================================
3) Description of Vulnerability
A stack-based buffer overflow was discovered within the Alcatel OmniSwitch product line. The overflow is in the Agranet-Emweb embedded management web server and can be exploited remotely without user authentication. The vulnerability can be triggered on a 6200-24 running AOS Version 5.4.1.396.R01 by sending 2392 bytes in the HTTP header "Cookie: Session=". This appears to overwrite a return address on the stack, giving the attacker control of the instruction pointer. The number of bytes needed to trigger the overflow varies between AOS versions.
==================================================
4) Solution
Fix:
1. Install AOS upgrades as recommended by Vendor
2. Disable Web services on OmniSwitch products
==================================================
5) Time Table:
05/21/2008 Reported Vulnerability to Vendor.
06/27/2008 Vendor acknowledged the vulnerability
08/06/2008 Vendor published hot fix
==================================================
6) Credits
Discovered by Deral Heiland, www.LayeredDefense.com
==================================================
7) Reference
http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm
https://wws.cert-ist.com/fast-cgi/AV/Details.cgi?lang=eng&action=1&format=3&ref=CERT-IST/AV-2008.333
==================================================
8) About Layered Defense
Layered Defense is a group of security professionals who work together on ethical research, testing and training within the information security arena.
http://www.layereddefense.com
==================================================

References:

http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm
http://www.securitytracker.com/id?1020657
http://www.securityfocus.com/archive/1/archive/1/495343/100/0/threaded
http://www.layereddefense.com/alcatel12aug.html
http://secunia.com/advisories/31435

