|
Alcatel-Lucent OmniSwitch Series Buffer Overflow Vulnerability
|
|
Secunia Advisory:
|
SA31435
|
|
|
Release Date:
|
2008-08-12
|
|
Last Update:
|
2008-10-07
|
|
Popularity:
|
2,198 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Alcatel-Lucent OmniSwitch 6600 Series
Alcatel-Lucent OmniSwitch 6800 Series
Alcatel-Lucent OmniSwitch 6850 Series
Alcatel-Lucent OmniSwitch 7000 Series
Alcatel-Lucent OmniSwitch 9000 Series
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Deral Heiland has reported a vulnerability in various OmniSwitch products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the embedded management web server when processing the "Session" cookie. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted GET request containing an overly long "Session" cookie.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in the following Alcatel OmniSwitch products:
* OS7000 Series
* OS6600 Series
* OS6800 Series
* OS6850 Series
* OS9000 Series
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
