what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

enterasys.txt

enterasys.txt
Posted Jun 21, 2005
Authored by Jacek Lipkowski

Enterasys Vertical Horizon switches have a default account embedded in them. Additionally, a denial of service vulnerability exists.

tags | exploit, denial of service
SHA-256 | 97df385b1c7c2ba8b61d82c9701fcb688658ebfd12c37c7834c410d094db2645

enterasys.txt

Change Mirror Download
1. Problem Description

An undocumented account with a default password exists, additionally guest
users can DoS the switch.

2. Tested systems

The following versions were tested and found vulnerable:

Vertical Horizon VH-2402S with firmware 02.05.00
Vertical Horizon VH-2402S with firmware 02.05.09.07

All publically software versions before 2.05.09.08 are assumed to be
vulnerable. Additionally firmware for other Vertical Horizon switches has
been released on similar dates and according to the release notes the
vulnerability might be also present there.

3. Details

The undocumented account is user tiger with password tiger123

Additionally there are some debug commands available to all users after
pressing ctrl-f, ctrl-b, ctrl-g or ctrl-l when logged in via the serial
console or telnet. The write commands available after pressing ctrl-g
can be harmful to the switch - allowing any valid user including
guest user to remotely disable the switch.

4. Recommendations

As always it is good administrative practice to block access to
administrative interfaces (telnet, web, snmp) at the firewall. Upgrading
to firmware version 02.05.09.08 solves both problems: the undocumented
account is removed and the debug commands are only avaliable to users
with administrative privlidges.


5. Vendor status

Enterasys was informed on Mar 8 2005. The vendor responded on Mar 10 2005.
The fixed software is available from the Enterasys
support site https://www.enterasys.com/download/download.cgi?lib=vh
since June 16 2005. Unfortunately the vendor doesn't want to follow the
route of responsible full disclosure by not giving the researcher
proper credit.

6. Disclaimer

Neither I nor my employer is responsible for the use or misuse of
information in this advisory. The opinions expressed are my own and not
of any company. Any use of the information is at the user's own risk.


Jacek Lipkowski
sq5bpf at andra com pl

Andra Co. Ltd.
ul Pryzmaty 6/8
02-226 Warsaw, Poland
https://www.andra.com.pl

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close