CVE-2008-4383


Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.


Published

2008-10-03T22:22:41.057

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | alcatel | aos | < 5.1.6.463.r02 | Yes |
| Operating System | alcatel | aos | < 5.4.1.429.r01 | Yes |
| Operating System | alcatel | aos | < 6.1.3.965.r01 | Yes |
| Operating System | alcatel | aos | < 6.1.5.595.r01 | Yes |
| Operating System | alcatel | aos | < 6.3.1.966.r01 | Yes |
| Hardware | alcatel-lucent | omniswitch os6600 | | No |
| Hardware | alcatel-lucent | omniswitch os6800 | | No |
| Hardware | alcatel-lucent | omniswitch os6850 | | No |
| Hardware | alcatel-lucent | omniswitch os7000 | | No |
| Hardware | alcatel-lucent | omniswitch os9000 | | No |
