Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (Router/Bridge/Hub)  >   Alcatel-Lucent OmniSwitch Vendors:   Alcatel-Lucent
Alcatel OmniSwitch Management Web Server Stack Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020657
SecurityTracker URL:
CVE Reference:   CVE-2008-4383   (Links to External Site)
Updated:  Oct 8 2008
Original Entry Date:  Aug 12 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to,,,,
Description:   A vulnerability was reported in Alcatel OmniSwitch. A remote user can execute arbitrary code on the target system.

A remote user can send a specially crafted "Cookie: Session=" header value to trigger a stack overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

The vulnerability resides in the Agranet-Emweb embedded management web server.

The following OmniSwitch versions are affected:

OS7000 Series
OS6600 Series
OS6800 Series
OS6850 Series
OS9000 Series

The vendor was notified on May 22, 2008.

Deral Heiland of reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued the following fixes (AoS Releases):

* and above
* and above
* and above
* and above
* and above

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Boundary error

Message History:   None.

 Source Message Contents

Subject:  [Full-disclosure] Layered Defense Research Advisory: Alcatel-Lucent

Layered Defense Research Advisory 12 August 2008
1) Affected Product
Alcatel-Lucent OmniSwitch products
2) Severity Rating:
Impact: Remotely exploitable without authentication.
3) Description of Vulnerability
A stack based buffer overflow was discovered within Alcatel 
OmniSwitch product line.
This buffer overflow was discovered within the Agranet-Emweb embedded 
management web server and can be exploited remotely without user 
The vulnerability can be triggered on a 6200-24 running AOS Version by sending 2392 bytes in the http header "Cookie: 
Session=" This appears to overwrite a return address on the stack 
giving the attacker control of the instruction pointer. The amount of 
bytes needed to trigger the overflow varies between AOS versions.
4) Solution
1. Install AOS upgrades as recommended by Vendor
2. Disable Web services on OmniSwitch products
5) Time Table:
05/21/2008 Reported Vulnerability to Vendor.
06/27/2008 Vendor acknowledged the vulnerability
08/06/2008 Vendor published hot fix
6) Credits Discovered by Deral Heiland,
7) Reference
8) About Layered Defense Layered Defense, Is a group of security 
professionals that work together on ethical Research, Testing and 
Training within the information security arena.

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC