lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: 19 Feb 2004 17:07:21 -0000
From: Michael Shekman <michaels80@...manchester.ct.us>
To: bugtraq@...urityfocus.com
Subject: Alcatel Omniswitch 7000 series




Running Nessus 2.0.9 against Alcatel 7000 series causing a swith to reboot  via buffer overflow(?).

Alcatel has multiple services running on the background, with no option to shut them down. Vulnerable ports:  80, 260, 261, 443. Disabling a service via qos policy (suggested by  Alcatel) does just a minor relief, since many other possible vulnerabilities cause the same outcome. 

Systems affected: 7700, 7800, possibly 8800 (have not tested due to the critical switch location)

Tested System info:
--------------------
FPGA : 38
BootROM Version: 5.1.4.67.R01
OS: 5.1.4.27.R03

Test configuration:
-------------------
ports 1-1024
no safe-checks (NOTE: safe-checks occasionally crash the switch as well)
1870 plugins enable
all scans enable


Powered by blists - more mailing lists