• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Alcatel OmniPCX Unprivileged User System Shutdown Denial Of Service Vulnerability

OmniPCX is an enterprise-level Personal Communications Exchange (PCX) system maintained and distributed by Alcatel.

It is possible for any user with local access to the OmniPCX 4400 to shut down the system. This is due to the shutdown utility on the system being installed with a setuid root bit. While this is not inherently an issue, as OmniPCX systems are not designed for multi-user access, this problem may be compounded by the ability to access the system through one of the known default login and password combinations, as described in Bugtraq ID 4127 "Alcatel OmniPCX Default Passwords Vulnerability."