VAR-200810-0216
Vulnerability from variot - Updated: 2023-12-18 13:44Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. Alcatel-Lucent OmniSwitch products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the affected software. Failed exploit attempts will result in a denial-of-service condition. Alcatel-Lucent OmniSwitch is a network switch product of French Alcatel-Lucent (Alcatel-Lucent). If the user sends 2392 bytes of data in the Cookie: Session= header, this overflow can be triggered, resulting in the execution of arbitrary instructions. The number of bytes required to trigger this overflow varies with the AOS version. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/
TITLE: Alcatel-Lucent OmniSwitch Series Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA31435
VERIFY ADVISORY: http://secunia.com/advisories/31435/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From local network
OPERATING SYSTEM: Alcatel-Lucent OmniSwitch 7000 Series http://secunia.com/product/789/ Alcatel-Lucent OmniSwitch 6600 Series http://secunia.com/product/19553/ Alcatel-Lucent OmniSwitch 6800 Series http://secunia.com/product/19554/ Alcatel-Lucent OmniSwitch 6850 Series http://secunia.com/product/19555/ Alcatel-Lucent OmniSwitch 9000 Series http://secunia.com/product/19556/
DESCRIPTION: Deral Heiland has reported a vulnerability in various OmniSwitch products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in the following Alcatel OmniSwitch products: * OS7000 Series * OS6600 Series * OS6800 Series * OS6850 Series * OS9000 Series
SOLUTION: Update to the following versions: * 5.4.1.429.R01 or higher * 5.1.6.463.R02 or higher * 6.1.3.965.R01 or higher * 6.1.5.595.R01 or higher * 6.3.1.966.R01 or higher
Contact the Alcatel-Lucent Technical Support for availability of other releases.
PROVIDED AND/OR DISCOVERED BY: Deral Heiland, Layered Defense Research
ORIGINAL ADVISORY: Alcatel-Lucent: http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm
Layered Defense Research: http://www.layereddefense.com/alcatel12aug.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200810-0216",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os6850"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os9000"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os7000"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os6600"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 1.4,
"vendor": "alcatel lucent",
"version": "os6800"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.5"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.1.6.463.r02"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.1"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.3.965.r01"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.3.1.966.r01"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.5.595.r01"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.3"
},
{
"model": "aos",
"scope": "lt",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.4.1.429.r01"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.1.3"
},
{
"model": "aos",
"scope": "gte",
"trust": 1.0,
"vendor": "alcatel",
"version": "5.4"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.3"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.5.595.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.3.965.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.4"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.3.1.966.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.4.1.429.r01"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.3"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.1.5"
},
{
"model": "alcatel-lucent operating system",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.1.6.463.r02"
},
{
"model": "alcatel-lucent operating system",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "5.1"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "5.1.6.463"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6.1.3.965"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "5.4.1.429"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6.3.1.966"
},
{
"model": "aos",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "5.1.1"
},
{
"model": "omniswitch os9000 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os7000 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os6850 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os6800 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "omniswitch os6600 series",
"scope": null,
"trust": 0.3,
"vendor": "alcatel lucent",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.3.965.r01",
"versionStartIncluding": "6.1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.5.595.r01",
"versionStartIncluding": "6.1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.3.1.966.r01",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.1.429.r01",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.6.463.r02",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os9000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os6600:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os6850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os6800:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch:os7000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4383"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Deral Heiland\u203bhttp://www.layereddefense.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
],
"trust": 0.6
},
"cve": "CVE-2008-4383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2008-4383",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-34508",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-4383",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200810-030",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-34508",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. Alcatel-Lucent OmniSwitch products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected software. Failed exploit attempts will result in a denial-of-service condition. Alcatel-Lucent OmniSwitch is a network switch product of French Alcatel-Lucent (Alcatel-Lucent). If the user sends 2392 bytes of data in the Cookie: Session= header, this overflow can be triggered, resulting in the execution of arbitrary instructions. The number of bytes required to trigger this overflow varies with the AOS version. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nAlcatel-Lucent OmniSwitch Series Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA31435\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31435/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nAlcatel-Lucent OmniSwitch 7000 Series\nhttp://secunia.com/product/789/\nAlcatel-Lucent OmniSwitch 6600 Series\nhttp://secunia.com/product/19553/\nAlcatel-Lucent OmniSwitch 6800 Series\nhttp://secunia.com/product/19554/\nAlcatel-Lucent OmniSwitch 6850 Series\nhttp://secunia.com/product/19555/\nAlcatel-Lucent OmniSwitch 9000 Series\nhttp://secunia.com/product/19556/\n\nDESCRIPTION:\nDeral Heiland has reported a vulnerability in various OmniSwitch\nproducts, which can be exploited by malicious people to cause a DoS\n(Denial of Service) or to compromise a vulnerable system. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nThe vulnerability is reported in the following Alcatel OmniSwitch\nproducts:\n* OS7000 Series\n* OS6600 Series\n* OS6800 Series\n* OS6850 Series\n* OS9000 Series\n\nSOLUTION:\nUpdate to the following versions:\n* 5.4.1.429.R01 or higher\n* 5.1.6.463.R02 or higher\n* 6.1.3.965.R01 or higher\n* 6.1.5.595.R01 or higher\n* 6.3.1.966.R01 or higher\n\nContact the Alcatel-Lucent Technical Support for availability of\nother releases. \n\nPROVIDED AND/OR DISCOVERED BY:\nDeral Heiland, Layered Defense Research\n\nORIGINAL ADVISORY:\nAlcatel-Lucent:\nhttp://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm\n\nLayered Defense Research:\nhttp://www.layereddefense.com/alcatel12aug.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "PACKETSTORM",
"id": "68969"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-4383",
"trust": 2.8
},
{
"db": "BID",
"id": "30652",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "31435",
"trust": 1.8
},
{
"db": "SREASON",
"id": "4347",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1020657",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2346",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493",
"trust": 0.8
},
{
"db": "XF",
"id": "44400",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080812 LAYERED DEFENSE RESEARCH ADVISORY: ALCATEL-LUCENT OMNISWITCH PRODUCTS, STACK BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-34508",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68969",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "PACKETSTORM",
"id": "68969"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"id": "VAR-200810-0216",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:44:58.237000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alcatel-lucent.com"
},
{
"title": "PR 122812",
"trust": 0.8,
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/omniswitch.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/omniswitch.htm"
},
{
"trust": 1.8,
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/30652"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020657"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31435"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4347"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2346"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4383"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4383"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44400"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495343/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.alcatel-lucent.com/"
},
{
"trust": 0.3,
"url": "http://www1.alcatel-lucent.com/products/keywordresults.jsp?_requestid=28458"
},
{
"trust": 0.3,
"url": "/archive/1/495343"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31435/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19554/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19553/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19555/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/789/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19556/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "PACKETSTORM",
"id": "68969"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-34508"
},
{
"db": "BID",
"id": "30652"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"db": "PACKETSTORM",
"id": "68969"
},
{
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-34508"
},
{
"date": "2008-08-06T00:00:00",
"db": "BID",
"id": "30652"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"date": "2008-08-13T01:46:19",
"db": "PACKETSTORM",
"id": "68969"
},
{
"date": "2008-10-03T22:22:41.057000",
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"date": "2008-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-34508"
},
{
"date": "2015-05-07T17:25:00",
"db": "BID",
"id": "30652"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003493"
},
{
"date": "2018-11-02T13:07:01.850000",
"db": "NVD",
"id": "CVE-2008-4383"
},
{
"date": "2009-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel OmniSwitch Device stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003493"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-030"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…