CERT VU:937838
History: May 18, 2005 - 12:00 a.m.

Extreme Networks switches with ExtremeWare XOS allow arbitrary command execution

2005-05-18 00:00:00
www.kb.cert.org
CVSS2: 4.6

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.002
Percentile: 54.5%

Overview

Some Extreme Networks switches running ExtremeWare XOS have a vulnerability that allows a malicious authenticated user to escape to the underlying operating system command shell with administrator-level (root) privileges.

Description

Extreme Networks switches running ExtremeWare XOS contain a vulnerability that permits arbitrary command execution as the super user of the underlying operating system by any authenticated XOS user, including those created as non-privileged XOS users.

In order to exploit this vulnerability, the user must be authenticated to XOS.


Impact

Any authenticated XOS user can potentially execute arbitrary commands with administrator-level access to the underlying operating system of the switches.


Solution

Apply a patch available from the vendor. For more information, see the vendor field notice FN0215:

<http://www.extremenetworks.com/services/documentation/FieldNotices_FN0215-Security_Alert_EXOS.asp>


Workaround

Both before and after the patch is applied, consider restricting account access to only those users who are authorized to make configuration changes. It is also advisable to consider the use of firewalls or port blocking to restrict network authentication access to as few hosts as practical. Note that this will not completely mitigate the vulnerability, but it will limit the vectors for attack.


Vendor Information

Extreme Networks: Affected

Notified: April 27, 2005 Updated: May 18, 2005

Status

Affected

Vendor Statement

The field notice has been published on the Extreme Networks website.

<http://www.extremenetworks.com/services/documentation/FieldNotices_FN0215-Security_Alert_EXOS.asp>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

References

<http://www.extremenetworks.com/services/documentation/FieldNotices_FN0215-Security_Alert_EXOS.asp>

Acknowledgements

Thanks to Extreme Networks for directly reporting this vulnerability and providing analytical information. Extreme Networks in turn thanks Matt Johnson and Stuart McRobert, Department of Computing, Imperial College London, who discovered and reported the vulnerability to Extreme Networks.

This document was written by Robert Mead.

Other Information

CVE IDs: CVE-2005-1670
Severity Metric: 4.95
Date Public:
