
Vigil@nce - Brocade FabricOS: multiple vulnerabilities

February 2016 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

A local attacker can exploit several vulnerabilities in Brocade
FabricOS to obtain sensitive information or to escalate
privileges.

Impacted products: FabricOS.

Severity: 2/4.

Creation date: 01/12/2015.

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in Brocade FabricOS.

An attacker can log in to the "root" or "factory" account with the
default password, in order to administer the system. [severity:2/4]

An attacker can read the /etc/passwd file, in order to obtain
password hashes. [severity:1/4]

Several accounts have the uid zero. [severity:1/4]

An attacker can write to several files (/etc/fabos/hil_wwn,
/etc/fabos/cfgsave/factory/etc/hosts, /etc/raslog.ext,
/etc/raslog.int, /etc/ipadmd_log.txt, /etc/hosts.0), in order to
potentially escalate privileges. [severity:1/4]

An attacker can access the home directory of the
basicswitchadmin user, in order to read sensitive information.
[severity:1/4]

Permissions of the /etc/shadow file are not 0400. [severity:1/4]

The /tmp and /mnt partitions are mounted with no security options.
[severity:1/4]

An attacker can edit the suid file /etc/fabos/hil_wwn, in order to
escalate privileges. [severity:2/4]

Several simple files have the suid bit set, so an attacker can
potentially escalate privileges. [severity:1/4]

A local attacker can therefore exploit several vulnerabilities in
Brocade FabricOS to obtain sensitive information or to
escalate privileges.
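
The configuration findings listed above (several uid-zero accounts, /etc/shadow not 0400, /tmp and /mnt mounted without security options, an editable suid file) can be checked offline from a copy of /etc/passwd, the mount table and file modes. The following is an added example, not code from Vigil@nce or Brocade; the sample data is constructed, and treating nosuid, nodev and noexec as the expected mount options is an assumption.

```python
import stat

# Constructed sample data for illustration, not captured from a real switch.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
factory:x:0:0:factory:/root:/bin/sh
admin:x:0:600:admin:/home/admin:/bin/sh
user:x:1001:600:user:/home/user:/bin/sh
"""
SAMPLE_MOUNTS = """\
/dev/root / ext3 rw 0 0
tmpfs /tmp tmpfs rw 0 0
/dev/hda2 /mnt ext3 rw,nosuid,nodev 0 0
"""

def uid_zero_accounts(passwd_text):
    """Return the names of all accounts whose UID field is 0."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2] == "0":
            names.append(fields[0])
    return names

def missing_mount_options(mounts_text, targets=("/tmp", "/mnt"),
                          wanted=("nosuid", "nodev", "noexec")):
    """Map each target mount point to the hardening options it lacks."""
    missing = {}
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[1] in targets:
            opts = set(parts[3].split(","))
            missing[parts[1]] = [o for o in wanted if o not in opts]
    return missing

def mode_findings(path, mode):
    """Flag the permission problems the bulletin lists for one st_mode value."""
    perms = stat.S_IMODE(mode)
    findings = []
    if path == "/etc/shadow" and perms != 0o400:
        findings.append("shadow mode is %04o, expected 0400" % perms)
    if perms & stat.S_ISUID and perms & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("setuid file writable by group or others")
    return findings

if __name__ == "__main__":
    print(uid_zero_accounts(SAMPLE_PASSWD))
    print(missing_mount_options(SAMPLE_MOUNTS))
    print(mode_findings("/etc/shadow", 0o100644))
```

On a live Linux system the same functions can be fed the contents of /etc/passwd and /proc/mounts, and `os.stat(path).st_mode` for each file of interest.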

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Brocade-FabricOS-multiple-vulnerabilities-18404

