Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow
- From: dh@xxxxxxxxxxxxxxxxxx
- Date: 12 Aug 2008 03:56:22 -0000
Layered Defense Research Advisory 12 August 2008
1) Affected Product
Alcatel-Lucent OmniSwitch products
2) Severity Rating:
Impact: Remotely exploitable without authentication.
3) Description of Vulnerability
A stack-based buffer overflow was discovered in the Alcatel OmniSwitch product line.
The overflow is in the Agranet-Emweb embedded management web server and can be exploited remotely without user authentication.
The vulnerability can be triggered on a 6200-24 running AOS Version 220.127.116.116.R01 by sending 2392 bytes in the HTTP header "Cookie: Session=". This appears to overwrite a return address on the stack, giving the attacker control of the instruction pointer. The number of bytes needed to trigger the overflow varies between AOS versions.
1. Install AOS upgrades as recommended by Vendor
2. Disable Web services on OmniSwitch products
5) Time Table:
05/21/2008 Reported Vulnerability to Vendor.
06/27/2008 Vendor acknowledged the vulnerability
08/06/2008 Vendor published hot fix
6) Credits
Discovered by Deral Heiland, www.LayeredDefense.com
8) About Layered Defense
Layered Defense is a group of security professionals that work together on ethical research, testing and training within the information security arena. http://www.layereddefense.com