---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: ExtremeWare XOS Unspecified Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA15438 VERIFY ADVISORY: http://secunia.com/advisories/15438/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: >From local network OPERATING SYSTEM: ExtremeWare XOS 11.x http://secunia.com/product/5118/ ExtremeWare XOS 10.x http://secunia.com/product/5119/ DESCRIPTION: A vulnerability has been reported in ExtremeWare XOS, which can be exploited by malicious users to gain escalated privileges. The vulnerability is caused due to an unspecified error, which can be exploited to gain administrative privileges on the underlying system. Successful exploitation requires user level privileges. The vulnerability affects the BlackDiamond 10808 (10K) and BlackDiamond 8800 switches running the following versions of ExtremeWare XOS: * All versions prior to 11.1.3.3 for the 11.1 branch. * All versions prior to 11.0.2.4 for the 11.0 branch. * All versions for the 10.x branch. SOLUTION: Update to version 11.0.2.4 or 11.1.3.3. PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: Extreme Networks: http://www.extremenetworks.com/services/documentation/FieldNotices_FN0215-Security_Alert_EXOS.asp OTHER REFERENCES: US-CERT VU#937838: http://www.kb.cert.org/vuls/id/937838 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------