Security Advisory: [SA15438] ExtremeWare XOS Unspecified Privilege Escalation Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
ExtremeWare network switches privilege escalation

From: SECUNIA <support_(at)_secunia.com>
Date: 19.05.2005
Subject: [SA15438] ExtremeWare XOS Unspecified Privilege Escalation Vulnerability

----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?

Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
ExtremeWare XOS Unspecified Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA15438

VERIFY ADVISORY:
http://secunia.com/advisories/15438/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
>From local network

OPERATING SYSTEM:
ExtremeWare XOS 11.x
http://secunia.com/product/5118/
ExtremeWare XOS 10.x
http://secunia.com/product/5119/

DESCRIPTION:
A vulnerability has been reported in ExtremeWare XOS, which can be
exploited by malicious users to gain escalated privileges.

The vulnerability is caused due to an unspecified error, which can be
exploited to gain administrative privileges on the underlying system.

Successful exploitation requires user level privileges.

The vulnerability affects the BlackDiamond 10808 (10K) and
BlackDiamond 8800 switches running the following versions of
ExtremeWare XOS:
* All versions prior to 11.1.3.3 for the 11.1 branch.
* All versions prior to 11.0.2.4 for the 11.0 branch.
* All versions for the 10.x branch.

SOLUTION:
Update to version 11.0.2.4 or 11.1.3.3.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
Extreme Networks:
http://www.extremenetworks.com/services/documentation/FieldNotices_FN0215-Securit
y_Alert_EXOS.asp

OTHER REFERENCES:
US-CERT VU#937838:
http://www.kb.cert.org/vuls/id/937838

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.