Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow
Aug 12 2008 03:56AM
dh layereddefense com
Layered Defense Research Advisory 12 August 2008
1) Affected Product
Alcatel-Lucent OmniSwitch products
2) Severity Rating:
Impact: Remotely exploitable without authentication.
3) Description of Vulnerability
A stack-based buffer overflow was discovered within the Alcatel OmniSwitch product line.
This buffer overflow was discovered within the Agranet-Emweb embedded management web server and can be exploited remotely without user authentication.
The vulnerability can be triggered on a 6200-24 running AOS Version 220.127.116.116.R01 by sending 2392 bytes in the HTTP header "Cookie: Session=". This appears to overwrite a return address on the stack, giving the attacker control of the instruction pointer. The number of bytes needed to trigger the overflow varies between AOS versions.
1. Install AOS upgrades as recommended by Vendor
2. Disable Web services on OmniSwitch products
5) Time Table:
05/21/2008 Reported Vulnerability to Vendor.
06/27/2008 Vendor acknowledged the vulnerability
08/06/2008 Vendor published hot fix
6) Credits
Discovered by Deral Heiland, www.LayeredDefense.com
8) About Layered Defense
Layered Defense is a group of security professionals that work together on ethical research, testing and training within the information security arena. http://www.layereddefense.com
Copyright 2010, SecurityFocus