
CERT Coordination Center

Extreme Networks switches with ExtremeWare XOS allow arbitrary command execution

Vulnerability Note VU#937838

Original Release Date: 2005-05-18 | Last Revised: 2005-05-25

Overview

Some Extreme Networks switches running ExtremeWare XOS have a vulnerability that allows a malicious authenticated user to escape to the underlying operating system command shell with administrator-level (root) privileges.

Description

Extreme Networks switches running ExtremeWare XOS contain a vulnerability that permits any authenticated XOS user, including those created as non-privileged XOS users, to execute arbitrary commands as the super user of the underlying operating system.


In order to exploit this vulnerability, the user must be authenticated to XOS.

Impact

Any authenticated XOS user can potentially execute arbitrary commands with administrator-level access to the underlying operating system of the switches.

Solution

Apply a patch available from the vendor. For more information, see the vendor field notice FN0215:


http://www.extremenetworks.com/services/documentation/FieldNotices_FN0215-Security_Alert_EXOS.asp


Workaround

Both before and after the patch is applied, consider restricting account access to only those users who are authorized to make configuration changes. It is also advisable to consider using firewalls or port blocking to restrict network authentication access to as few hosts as practical. Note that this will not completely mitigate the vulnerability, but it will limit the vectors for attack.

Vendor Information


Extreme Networks Affected

Notified: April 27, 2005 | Updated: May 18, 2005

Status

Affected

Vendor Statement

The field notice has been published on the Extreme Networks website.

http://www.extremenetworks.com/services/documentation/FieldNotices_FN0215-Security_Alert_EXOS.asp

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


Acknowledgements

Thanks to Extreme Networks for directly reporting this vulnerability and providing analytical information. Extreme Networks in turn thanks Matt Johnson and Stuart McRobert, Department of Computing, Imperial College London, who discovered and reported the vulnerability to Extreme Networks.

This document was written by Robert Mead.

Other Information

CVE IDs: CVE-2005-1670
Severity Metric: 4.95
Date Public: 2005-05-12
Date First Published: 2005-05-18
Date Last Updated: 2005-05-25 18:39 UTC
Document Revision: 21

Sponsored by CISA.