Return to CVE list

CVE-2008-4383

10.0

Critical

CVE-2008-4383

3 Oct 2008

cret@cert.org

Modified

View on MITRE Find on GitHub

Description

Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

cret@cert.org

http://secunia.com/advisories/31435

cret@cert.org

http://securityreason.com/securityalert/4347

cret@cert.org

http://www.layereddefense.com/alcatel12aug.html

cret@cert.org

http://www.securityfocus.com/archive/1/495343/100/0/threaded

cret@cert.org

http://www.securityfocus.com/bid/30652

cret@cert.org

http://www.securitytracker.com/id?1020657

cret@cert.org

http://www.vupen.com/english/advisories/2008/2346

cret@cert.org

http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm

cret@cert.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/44400

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31435

af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/4347

af854a3a-2127-422b-91ae-364da2661108

http://www.layereddefense.com/alcatel12aug.html

af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/495343/100/0/threaded

af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30652

af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020657

af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2346

af854a3a-2127-422b-91ae-364da2661108

http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm

af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44400