`# Title: [Brocade Fabric OS v6.3.1b - Multiple vulnerabilities]
# Discovered by: Karn Ganeshen
# Vendor Homepage: [www.brocade.com]
# Versions Reported: Kernel 2.6.14.2 + FabOS v6.3.1b + BootProm 1.0.9
> *version*
Kernel: 2.6.14.2
Fabric OS: v6.3.1b
BootProm: 1.0.9
1 *Default diagnostic accounts*
The root and factory accounts have default passwords that are documented in
the respective admin guides. By default, neither account is restricted, and
both can log in to the box over SSH or telnet.
2 *unix-passwd-in-etc-passwd*
Password hashes were found in /etc/passwd files (all user hashes).
3 *unix-uid-0-accounts*
Multiple users have UID 0 privileges.
4 *unix-world-writable-files*
Multiple world writable files are present:
/etc/fabos/hil_wwn
/etc/fabos/cfgsave/factory/etc/hosts
/etc/raslog.ext
/etc/raslog.int
/etc/ipadmd_log.txt
/etc/hosts.0
5 *unix-user-home-dir-mode - weak access permissions*
The permissions on the home directory of user basicswitchadmin were found to
be 755 instead of 750.
6 *generic-passwd-shadow-group-file-permissions - weak access permissions*
The permissions of the file '/etc/shadow' are not 400.
7 *unix-partition-mounting-weakness*
/tmp partition does not have 'nosuid' option set.
/tmp partition does not have 'noexec' option set.
/tmp partition does not have 'nodev' option set.
/mnt partition does not have 'nodev' option set.
8 *unix-suid-writable*
The following world-writable suid files were found on the system:
/etc/fabos/hil_wwn (-r-xrw-rw-)
9 *unix-suid-script*
Multiple scripts with suid set were found on the system:
wwn
/fabos/sbin/coreshow
/fabos/sbin/timeLineGet
/fabos/bin/getIpAddr.sh
/fabos/bin/userConfig
/fabos/cliexec/authCmds
/fabos/cliexec/config
/fabos/cliexec/configCmd
/fabos/cliexec/configure
/fabos/cliexec/fcping
/fabos/cliexec/fpcmd
/fabos/cliexec/haadm
/fabos/cliexec/helpcmds
/fabos/cliexec/ipAddr
/fabos/cliexec/killtelnet
/fabos/cliexec/ms
/fabos/cliexec/savecore
/fabos/cliexec/secCmds
/fabos/c
/fabos/cliexec/ssave.sh
supportsave
/fabos/cliexec/supportsavestatus
/fabos/cliexec/switchcmd
/fabos/cliexec/syscmd
/fabos/cliexec/trace_cli
/fabos/standby_sbin/coreshow
/fabos/libexec/coreffdc.sh
/fabos/libexec/ethmode
/fabos/libexec/getDefaultFID
/fabos/libexec/ipc_showAll
/fabos/libexec/secRoleCheck
/fabos/etc/swInst
/fabos/webtools/htdocs/weblinker.fcg
/var/log/rcslog.old
/var/log/fdmilog.txt
/var/log/ficulog.txt
/var/log/nslog.txt
/var/log/rcslog.txt
/var/log/seclog.txt
/var/log/zonelog.txt
g.txt
/var/log/esslog.old
/var/log/ficulog.old
/var/log/fdmilog.old
/var/log/esslog.txt
/var/log/nslog.old
/var/log/seclog.old
/var/log/zonelog.old
/var/log/snmplog.old
/bin/passwd
/bin/login
/bin/login.nopam
/bin/ping
/sbin/fuser
/sbin/bootenv
/usr/bin/du
/usr/bin/ppname
/usr/bin/rcp
/usr/bin/rlogin
/usr/bin/rsh
sr/sbin/sendmail
--
Best Regards,
Karn Ganeshen
`
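A defender-side audit for several of the findings listed above (hashes in /etc/passwd, multiple UID 0 accounts, missing mount options, modes looser than expected, world-writable setuid files), given as an added example that is not part of the original advisory. The sample passwd and mount lines, the `/opt/tool` and `/home/admin` paths, the baseline tables and the function names are constructed for illustration.

```python
import stat

# Constructed sample inputs and an assumed baseline (not data from the device).
PASSWD = (
    "root:$1$constructed$notarealhash:0:0:root:/root:/bin/sh\n"
    "factory:x:0:0:factory:/root:/bin/sh\n"
    "admin:x:1000:1000:admin:/home/admin:/bin/sh\n"
)
MOUNTS = "tmpfs /tmp tmpfs rw,nosuid 0 0\n/dev/hda2 /mnt ext3 rw,nosuid 0 0\n"
MODES = {"/etc/shadow": 0o100644, "/home/admin": 0o040755, "/opt/tool": 0o104766}
MAX_PERM = {"/etc/shadow": 0o400, "/home/admin": 0o750}
REQUIRED_OPTS = {"/tmp": {"nosuid", "noexec", "nodev"}, "/mnt": {"nodev"}}

def audit_passwd(text):
    """Flag hashes stored in passwd and more than one UID 0 account."""
    findings, uid0 = [], []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue  # skip malformed or blank lines
        name, pw, uid = fields[0], fields[1], fields[2]
        if pw not in ("", "x", "*", "!", "!!"):
            findings.append(f"hash-in-passwd:{name}")
        if uid == "0":
            uid0.append(name)
    if len(uid0) > 1:
        findings.append("multiple-uid0:" + ",".join(uid0))
    return findings

def audit_mounts(text):
    """Flag mount points missing the options listed in REQUIRED_OPTS."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        missing = REQUIRED_OPTS.get(parts[1], set()) - set(parts[3].split(","))
        findings += [f"{parts[1]}:missing-{opt}" for opt in sorted(missing)]
    return findings

def audit_modes(modes):
    """Flag modes looser than MAX_PERM and world-writable setuid files."""
    findings = []
    for path, mode in modes.items():
        perm, limit = stat.S_IMODE(mode), MAX_PERM.get(path)
        if limit is not None and perm & ~limit:
            findings.append(f"{path}:mode-{perm:o}-exceeds-{limit:o}")
        if mode & stat.S_ISUID and mode & stat.S_IWOTH:
            findings.append(f"{path}:world-writable-suid")
    return findings
```

On a live host the same functions can be fed the contents of /etc/passwd and /proc/mounts and a dictionary built from `os.lstat(path).st_mode`.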