CVE-2007-0932 – Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
https://notcve.org/view.php?id=CVE-2007-0932
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN. Los (1) controladores Aruba Mobility versiones 200, 600, 2400 y 6000 y (2) Alcatel-Lucent OmniAccess Wireless versiones 43xx y 6000 implementan de manera inapropiada la autenticación y la asignación de privilegios para la cuenta del invitado, lo que permite a los atacantes remotos acceder a interfaces administrativas o a la WLAN. Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html http://osvdb.org/33185 http://secunia.com/advisories/24144 http://securityreason.com/securityalert/2243 http://www.kb.cert.org/vuls/id/613833 http://www.securityfocus.com/archive/1/459927/100/0/threaded http://www.securityfocus.com/bid/22538 https://exchange.xforce.ibmcloud.com/vulnerabilities/32461 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2003-1108
https://notcve.org/view.php?id=CVE-2003-1108
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. • http://www.cert.org/advisories/CA-2003-06.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip http://www.kb.cert.org/vuls/id/528719 http://www.securityfocus.com/bid/6904 https://exchange.xforce.ibmcloud.com/vulnerabilities/11379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5831 •
CVE-2002-1691
https://notcve.org/view.php?id=CVE-2002-1691
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access. • http://marc.info/?l=bugtraq&m=101413767925869&w=2 http://www.securityfocus.com/bid/4127 https://exchange.xforce.ibmcloud.com/vulnerabilities/8224 •
CVE-2002-0294
https://notcve.org/view.php?id=CVE-2002-0294
Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system. Alcatel 4400 instala el comando /chetc/shutdown con privilegios setgid, lo que permite a muchos usuarios locales apagar el sistema. • http://marc.info/?l=bugtraq&m=101413767925869&w=2 http://www.securityfocus.com/bid/4130 •
CVE-2002-0295
https://notcve.org/view.php?id=CVE-2002-0295
Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges. Alcatel OmniPCX 4400 instala ficheros con permisos de escritura para todos los usuarios, lo que permite a usuarios locales reconfigurar el sistema y posiblemente ganar privilegios. • http://marc.info/?l=bugtraq&m=101413767925869&w=2 http://www.securityfocus.com/bid/4133 •