SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Join our Affiliate Program
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Router/Bridge/Hub)  >  OptiSwitch Vendors:  MRV Communications
(Vendor Disputes Claim) MRV OptiSwitch Yields Root Privileges to Remote Users
SecurityTracker Alert ID:  1007062
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jul 3 2003
Original Entry Date:  Jun 25 2003
Impact:  Root access via network
Exploit Included:  Yes  
Version(s): OptiSwitch-800 version 2.45 and OptiSwitch-400 classifier version 3.61
Description:  A vulnerability was reported in MRV's OptiSwitch product line. A remote user can gain root access on the switch.

It is reported that a remote user can connect to the device via the console or via the telnet port and press 'control-c' followed by two carriage returns to gain root access on the device.

[Editor's note: The vendor has responded to say that the vulnerability does not exist. We are working with the vendor and the author to clarify the situation.]
Impact:  A remote user can gain root access on the device.
Solution:  No solution was available at the time of this entry.

[Editor's note: The vendor disputes the vulnerability claim and has reportedly verified that the product is not vulnerable. We will update this alert when the conflicting reports have been resolved.]
Vendor URL:  www.mrv.com/products/line/optiswitch.php (Links to External Site)
Cause:  Authentication error
Reported By:  CrazZzy Slash <slash@istc.kg>
Message History:   None.

 Source Message Contents
Date:  Thu, 26 Jun 2003 03:03:55 +0000
From:  CrazZzy Slash <slash@istc.kg>
Subject:  OptiSwitch remote root compromise

 

Hello bugtraq :)

I've found bug in OptiSwitch 400 and 800 series, maybe another series :) So abou
t: then you connecting to the switch via telnet or console you may gain root acc
ess pressing Crtl+C <cr><cr> so you will :)

Ok here is detailed information...

Manufactor:
MRV Communications, Inc.
http://www.mrv.com

Product:
OptiSwitch 400 / 800 series, possibly others (not tested)
http://www.mrv.com/products/line/optiswitch.php

Exploit:
Press Ctrl+C <cr><cr> while connecting to the switch and you're welcome :) Enjoy
 ;)

Manufactor informed:
No, too busy for this, only for you bugtraq :)

Date 24.06.2003

slash@istc.kg


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC