---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Alcatel-Lucent OmniSwitch Series Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA31435 VERIFY ADVISORY: http://secunia.com/advisories/31435/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network OPERATING SYSTEM: Alcatel-Lucent OmniSwitch 7000 Series http://secunia.com/product/789/ Alcatel-Lucent OmniSwitch 6600 Series http://secunia.com/product/19553/ Alcatel-Lucent OmniSwitch 6800 Series http://secunia.com/product/19554/ Alcatel-Lucent OmniSwitch 6850 Series http://secunia.com/product/19555/ Alcatel-Lucent OmniSwitch 9000 Series http://secunia.com/product/19556/ DESCRIPTION: Deral Heiland has reported a vulnerability in various OmniSwitch products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the embedded management web server when processing the "Session" cookie. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted GET request containing an overly long "Session" cookie. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in the following Alcatel OmniSwitch products: * OS7000 Series * OS6600 Series * OS6800 Series * OS6850 Series * OS9000 Series SOLUTION: Update to the following versions: * 5.4.1.429.R01 or higher * 5.1.6.463.R02 or higher * 6.1.3.965.R01 or higher * 6.1.5.595.R01 or higher * 6.3.1.966.R01 or higher Contact the Alcatel-Lucent Technical Support for availability of other releases. PROVIDED AND/OR DISCOVERED BY: Deral Heiland, Layered Defense Research ORIGINAL ADVISORY: Alcatel-Lucent: http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm Layered Defense Research: http://www.layereddefense.com/alcatel12aug.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------