Sorry if this is already known. Stepped into two "features" of Xylan OmniSwitches (also works on Pizza). These switches are sold OEM to Alcatel (which just bought Xylan) and IBM. Number one: anyone can telnet to the switch and login, without knowing either user or passwod strings. No permission will be given to perform any command, which is not so bad. This could work as a DoS, because software versions until 3.1.8 (don't know about later ones) only allow one interactive session, displaying a message of "System alread in use" in other attempts. However, since you can do this DoS even without logging in (just sitting at the login prompt) it's not much of a DoS. Number two: anyone can ftp to the switch, whitout knowing either user or password strings. Everyone is allowed to read all files in the flash, and even upload files (but not remove or overwrite existing ones). Since reading all files gives access to SNMP community strings, this could be trouble, which are stored in clear text on one of the files, and writing files, well, just use your imagination. This was tested on software version 3.1.8 (the lastest I can access). Thanks to cockat_private, which helped test the vulnerability. Have a nice day. Disclaimers: - This "feature" report was only sent here, personal option; software that's worth thounsands of dollars should be better beta tested; - I do know switches aren't generally accessible from the internet.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:18 PDT