Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OptiSwitch remote root compromise - Wrong ifnormation

From: Zeev Dr <zdraer () mrv com>
Date: 2 Jul 2003 09:01:38 -0000
In-Reply-To: <20030626030355.GA10951 () istc kg>

This is clearly a malicious attempt to harm company product. 
No such hack exists, and this has been verified already by all relevant
entities.
Strongly recommended that placing such a harmful statement on site, should 
at least be confirmed with the vendor before being made public.

Zeev Draer 
OptiSwitch PM
-------------




Received: (qmail 3370 invoked from network); 25 Jun 2003 21:07:39 -0000
Received: from outgoing2.securityfocus.com (205.206.231.26)
 by mail.securityfocus.com with SMTP; 25 Jun 2003 21:07:39 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com 

[205.206.231.19])

      by outgoing2.securityfocus.com (Postfix) with QMQP
      id 117E48F7D7; Wed, 25 Jun 2003 15:07:26 -0600 (MDT)
Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq () securityfocus com>
List-Help: <mailto:bugtraq-help () securityfocus com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
Delivered-To: mailing list bugtraq () securityfocus com
Delivered-To: moderator for bugtraq () securityfocus com
Received: (qmail 15715 invoked from network); 25 Jun 2003 20:57:21 -0000
Date: Thu, 26 Jun 2003 03:03:55 +0000
From: CrazZzy Slash <slash () istc kg>
To: bugtraq () securityfocus com
Subject: OptiSwitch remote root compromise
Message-ID: <20030626030355.GA10951 () istc kg>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i

Hello bugtraq :)

I've found bug in OptiSwitch 400 and 800 series, maybe another series :) 

So abou

t: then you connecting to the switch via telnet or console you may gain 

root acc

ess pressing Crtl+C <cr><cr> so you will :)

Ok here is detailed information...

Manufactor:
MRV Communications, Inc.
http://www.mrv.com

Product:
OptiSwitch 400 / 800 series, possibly others (not tested)
http://www.mrv.com/products/line/optiswitch.php

Exploit:
Press Ctrl+C <cr><cr> while connecting to the switch and you're 

welcome :) Enjoy

;)

Manufactor informed:
No, too busy for this, only for you bugtraq :)

Date 24.06.2003

slash () istc kg
Previous By Date Next
Previous By Thread Next

Current thread: