Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2008-4383
Last Modified 18 Mar 2009 01:42:58
Published 03 Oct 2008 06:22:41
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4383

Summary

Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.

Vulnerable Systems

Operating System

  • Alcatel Aos 5.1.6.463

  • Alcatel Aos 5.4.1.429

  • Alcatel Aos 6.1.3.965

  • Alcatel Aos 6.3.1.966


References

XF - omniswitch-session-bo(44400)

CONFIRM - http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm

VUPEN - ADV-2008-2346

SECTRACK - 1020657

BID - 30652

BUGTRAQ - 20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow

MISC - http://www.layereddefense.com/alcatel12aug.html

SREASON - 4347

SECUNIA - 31435


Last Updated: 27 May 2016 10:48:28