[ISN] Alcatel leaves LAN switch software back door wide open

From: InfoSec News (isnat_private)
Date: Mon Nov 25 2002 - 00:00:26 PST

  • Next message: InfoSec News: "Re: [ISN] Security Cert Provider Cries Foul"

    By Joris Evers
    IDG News Service
    A security vulnerability in Alcatel SA's OmniSwitch 7000 series LAN
    switches could lead to an attacker gaining full control over the
    switches, Alcatel warned.
    Alcatel OmniSwitch 7700 and 7800 switches running the Alcatel
    Operating System (AOS) Version 5.1.1 are affected, Alcatel said in a
    security advisory this week. The Computer Emergency Response
    Team/Coordination Center (CERT/CC) at Carnegie Mellon University in
    Pittsburgh issued a separate warning on Thursday.
    In the vulnerable systems, a telnet server listens for connections on
    TCP port 6778 and accepts connections without requiring a password,
    creating a back door that provides full administrative control over
    the switch.
    The telnet access was used for development of the product and Alcatel
    forgot to remove it "due to an oversight," the company said. Alcatel
    informed CERT of the back door when it was discovered during a code
    audit, the Paris network equipment maker said.
    Users of vulnerable switches should immediately create an access
    control list blocking all access to port 6778 on the switch, Alcatel
    said. A patch to close the back door is also available. Furthermore,
    the vulnerability will be removed from AOS as of Version 5.1.3,
    Alcatel said. AOS ships with each OmniSwitch.
    The scope of the vulnerability is limited because the OmniSwitch 7000
    series is meant for use in enterprise networks, not in public
    networks, Alcatel spokesman Klaus Wustrack said Friday. That means
    that companies could face attacks from the inside only and that public
    networks are not at risk.
    "These switches are normally used within a private enterprise network.  
    They are not public switching products. Any enterprise should protect
    their private network through a firewall," Wustrack said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Nov 25 2002 - 03:20:40 PST