CVE-2008-4383

Sažetak

Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.

Reference

http://secunia.com/advisories/31435
http://securityreason.com/securityalert/4347
http://www.layereddefense.com/alcatel12aug.html
http://www.securityfocus.com/archive/1/495343/100/0/threaded
http://www.securityfocus.com/bid/30652
http://www.securitytracker.com/id?1020657
http://www.vupen.com/english/advisories/2008/2346
http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/44400

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

02-11-2018 - 13:07

Objavljeno

03-10-2008 - 22:22