BugTraq
Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow Aug 12 2008 03:56AM
dh layereddefense com
==================================================

Layered Defense Research Advisory 12 August 2008

==================================================

1) Affected Product

Alcatel-Lucent OmniSwitch products

OS7000

OS6600

OS6800

OS6850

OS9000

==================================================

2) Severity Rating:

critical

Impact: Remotely exploitable without authentication.

==================================================

3) Description of Vulnerability

A stack based buffer overflow was discovered within Alcatel OmniSwitch product line.

This buffer overflow was discovered within the Agranet-Emweb embedded management web server and can be exploited remotely without user authentication.

The vulnerability can be triggered on a 6200-24 running AOS Version 5.4.1.396.R01 by sending 2392 bytes in the http header ?Cookie: Session=? This appears to overwrite a return address on the stack giving the attacker control of the instruction pointer. The amount of bytes needed to trigger the overflow varies between AOS versions.

==================================================

4) Solution

Fix:

1. Install AOS upgrades as recommended by Vendor

2. Disable Web services on OmniSwitch products

==================================================

5) Time Table:

05/21/2008 Reported Vulnerability to Vendor.

06/27/2008 Vendor acknowledged the vulnerability

08/06/2008 Vendor published hot fix

==================================================

6) Credits Discovered by Deral Heiland, www.LayeredDefense.com

==================================================

7) Reference

http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm

https://wws.cert-ist.com/fast-cgi/AV/Details.cgi?lang=eng&action=1&forma
t=3&ref=CERT-IST/AV-2008.333

==================================================

8) About Layered Defense Layered Defense, Is a group of security professionals that work together on ethical Research, Testing and Training within the information security arena. http://www.layereddefense.com

==================================================

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus