[33938] in bugtraq
Alcatel Omniswitch 7000 series
daemon@ATHENA.MIT.EDU (Michael Shekman)
Wed Feb 25 11:51:25 2004
Date: 19 Feb 2004 17:07:21 -0000
Message-ID: <20040219170721.25248.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Michael Shekman <michaels80@ci.manchester.ct.us>
To: bugtraq@securityfocus.com
Running Nessus 2.0.9 against Alcatel 7000 series causing a swith to reboot via buffer overflow(?).
Alcatel has multiple services running on the background, with no option to shut them down. Vulnerable ports: 80, 260, 261, 443. Disabling a service via qos policy (suggested by Alcatel) does just a minor relief, since many other possible vulnerabilities cause the same outcome.
Systems affected: 7700, 7800, possibly 8800 (have not tested due to the critical switch location)
Tested System info:
--------------------
FPGA : 38
BootROM Version: 5.1.4.67.R01
OS: 5.1.4.27.R03
Test configuration:
-------------------
ports 1-1024
no safe-checks (NOTE: safe-checks occasionally crash the switch as well)
1870 plugins enable
all scans enable
