Re: OptiSwitch remote root compromise

[KF <dotslash () snosoft com>]

I have at least made an attempt at letting the vendor know about the 
issue...

Thank you for your recent email inquiry.  Our support staff will
evaluate your issue and respond as soon as possible.

Thank you for using MRV Communications products and services.


> > > > This is an automated confirmation response message from Service.
> >    
Please do not reply to the sender of this email <<

-KF





CrazZzy Slash wrote:

> Hello bugtraq :)
>
> I've found bug in OptiSwitch 400 and 800 series, maybe another series :) So abou
> t: then you connecting to the switch via telnet or console you may gain root acc
> ess pressing Crtl+C <cr><cr> so you will :)
>
> Ok here is detailed information...
>
> Manufactor:
> MRV Communications, Inc.
> http://www.mrv.com
>
> Product:
> OptiSwitch 400 / 800 series, possibly others (not tested)
> http://www.mrv.com/products/line/optiswitch.php
>
> Exploit:
> Press Ctrl+C <cr><cr> while connecting to the switch and you're welcome :) Enjoy
> ;)
>
> Manufactor informed:
> No, too busy for this, only for you bugtraq :)
>
> Date 24.06.2003
>
> slash () istc kg
>
>