lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <201103011433.p21EX5PI001781@www5.securityfocus.com>
Date: Tue, 1 Mar 2011 07:33:05 -0700
From: ddivulnalert@...frontline.com
To: bugtraq@...urityfocus.com
Subject: DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory
 Traversal Vulnerability [ CVE-2011-0345 ]

Title: DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ]
Severity: High
Date Discovered:10/29/2010
Discovered By: Digital Defense, Inc. Vulnerability Research Team
Additional Discovered By: r@...$

Vulnerability Description:

The Alcatel-Lucent OmniVista 4760 NMS is vulnerable to a directory traversal. This flaw allows remote unauthenticated attackers to retrieve arbitrary files from a vulnerable system.

Solution Description:

Alcatel-Lucent has provided a patch for this vulnerability. The patch is available on the vendor's website. If you are unable to patch the system, mitigate this vulnerability by disabling the service, or restricting access to a local interface or a trusted network via a firewall or other means.

Tested Systems / Software:

OmniVista 4760 NMS version 5.0.07.05
OmniVista 4760 NMS version 5.1.06.03

Vendor Name: Alcatel-Lucent
Vendor Website: http://www.alcatel-lucent.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ