lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20080812051849.8B70F6C5@lists.grok.org.uk>
Date: Tue, 12 Aug 2008 01:12:04 -0400
From: Deral Heiland <dh@...ereddefense.com>
To: ull-disclosure@...ts.grok.org.uk
Subject: Layered Defense Research Advisory: Alcatel-Lucent
 OmniSwitch products, Stack Buffer Overflow

==================================================
Layered Defense Research Advisory 12 August 2008
==================================================
1) Affected Product
Alcatel-Lucent OmniSwitch products
OS7000
OS6600
OS6800
OS6850
OS9000
==================================================
2) Severity Rating:
critical
Impact: Remotely exploitable without authentication.
==================================================
3) Description of Vulnerability
A stack based buffer overflow was discovered within Alcatel 
OmniSwitch product line.
This buffer overflow was discovered within the Agranet-Emweb embedded 
management web server and can be exploited remotely without user 
authentication.
The vulnerability can be triggered on a 6200-24 running AOS Version 
5.4.1.396.R01 by sending 2392 bytes in the http header "Cookie: 
Session=" This appears to overwrite a return address on the stack 
giving the attacker control of the instruction pointer. The amount of 
bytes needed to trigger the overflow varies between AOS versions.
==================================================
4) Solution
Fix:
1. Install AOS upgrades as recommended by Vendor
2. Disable Web services on OmniSwitch products
==================================================
5) Time Table:
05/21/2008 Reported Vulnerability to Vendor.
06/27/2008 Vendor acknowledged the vulnerability
08/06/2008 Vendor published hot fix
==================================================
6) Credits Discovered by Deral Heiland, www.LayeredDefense.com
==================================================
7) Reference
http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm
https://wws.cert-ist.com/fast-cgi/AV/Details.cgi?lang=eng&action=1&format=3&ref=CERT-IST/AV-2008.333
==================================================
8) About Layered Defense Layered Defense, Is a group of security 
professionals that work together on ethical Research, Testing and 
Training within the information security arena. http://www.layereddefense.com
==================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ