[NEWS] Alcatel-Lucent OmniSwitch Stack Buffer Overflow
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 13 Aug 2008 14:48:02 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
Alcatel-Lucent OmniSwitch Stack Buffer Overflow
A stack overflow vulnerability in Alcatel-Lucent's web interface allows
remote attackers to cause it to crash by sending it a malformed HTTP
* Alcatel-Lucent OmniSwitch OS7000
* Alcatel-Lucent OmniSwitch OS6600
* Alcatel-Lucent OmniSwitch OS6800
* Alcatel-Lucent OmniSwitch OS6850
* Alcatel-Lucent OmniSwitch OS9000
* AOS version 18.104.22.1686.R01
A stack based buffer overflow was discovered within Alcatel OmniSwitch
product line. This buffer overflow was discovered within the Agranet-Emweb
embedded management web server and can be exploited remotely without user
authentication. The vulnerability can be triggered on a 6200-24 running
AOS Version 22.214.171.1246.R01 by sending 2392 bytes in the http header
"Cookie: Session=" This appears to overwrite a return address on the stack
giving the attacker control of the instruction pointer. The amount of
bytes needed to trigger the overflow varies between AOS versions.
1. Install AOS upgrades as recommended by Vendor, found at:
2. Disable Web services on OmniSwitch products
05/21/2008 - Reported Vulnerability to Vendor.
06/27/2008 - Vendor acknowledged the vulnerability
08/06/2008 - Vendor published hot fix
The information has been provided by <mailto:dh@xxxxxxxxxxxxxxxxxx> Deral
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [TOOL] SurfJack - Hijack HTTP Connections to Steal Cookies
- Next by Date: [NT] Microsoft Office BMP Input Filter Heap Overflow Vulnerability (MS08-044)
- Previous by thread: [TOOL] SurfJack - Hijack HTTP Connections to Steal Cookies
- Next by thread: [NT] Microsoft Office BMP Input Filter Heap Overflow Vulnerability (MS08-044)