Stack overflow

2008-10-0322:22:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

Low

0.146 Low

EPSS

Percentile

95.8%

JSON

Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.

CPENameOperatorVersion
aosge5.1
aoslt5.1.6.463.
aosge5.4
aoslt5.4.1.429.
aosge6.1.3
aoslt6.1.3.965.
aosge6.1.5
aoslt6.1.5.595.
aosge6.3
aoslt6.3.1.966.

Name	Operator	Version
aos	ge	5.1
aos	lt	5.1.6.463.
aos	ge	5.4
aos	lt	5.4.1.429.
aos	ge	6.1.3
aos	lt	6.1.3.965.
aos	ge	6.1.5
aos	lt	6.1.5.595.
aos	ge	6.3
aos	lt	6.3.1.966.

References

secunia.com/advisories/31435

securityreason.com/securityalert/4347

www.layereddefense.com/alcatel12aug.html

www.securityfocus.com/archive/1/495343/100/0/threaded

www.securityfocus.com/bid/30652

www.securitytracker.com/id?1020657

www.vupen.com/english/advisories/2008/2346

www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm

exchange.xforce.ibmcloud.com/vulnerabilities/44400