Original release date: November 21, 2002<br>
Last revised: Thu Jan  2 13:02:38 EST 2003<br>
Source: CERT/CC, Alcatel<br>

<p>A complete revision history can be found at the end of this file.</p>

<a name="affected"></a>
<h3>Systems Affected</h3>

<li>Alcatel OmniSwitch 7700/7800 switches running Alcatel Operating System (AOS) version 5.1.1</li>

<a name="overview"></a>

<A HREF="http://www.alcatel.com">Alcatel</a> has recently discovered a
serious vulnerability in AOS version 5.1.1. Exploitation of this
vulnerability can lead to full administrative control of the device
running AOS.

<a name="description"></a>
<h2>I. Description</h2>

AOS typically runs on network infrastructure devices, such as the <A HREF="http://www.ind.alcatel.com/specs/index.cfm?cnt=7000">Alcatel OmniSwitch 7000 series switch</a>. According to Alcatel:

<blockquote><i>During an NMAP audit of the AOS 5.1.1 code that runs on the Alcatel
OmniSwitch 7700/7800 LAN switches, it was determined a telnet server
was listening on TCP port number 6778. This was used during
development to access the Wind River Vx-Works operating system. Due to
an oversight, this access was not removed prior to product release.</i></blockquote>

Further information about this vulnerability may be found in <a
href="http://www.kb.cert.org/vuls/id/181721">VU#181721</a>. This issue is also being referenced as <a 


<a name="impact"></a>
<h2>II. Impact</h2>

An attacker can gain full access to any device running AOS version
5.1.1, which can result in, but is not limited to, unauthorized
access, unauthorized monitoring, information leakage, or denial of

<br> <a name="solution"></a>
<h2>III. Solution</h2>

<h4>Upgrade to AOS 5.1.1.R02 or AOS 5.1.1.R03</h4>

Contact Alcatel's <a href="http://eservice.ind.alcatel.com/contactinformation/">customer support</a> for the updated AOS.

<a name="workarounds"></a>

Block access to port 6778/TCP at your network perimeter.

<a name="vendors"></a>
<h2>Appendix A. - Vendor Information</h2>

<p><A HREF="http://www.kb.cert.org/vuls/id/181721">VU#181721</a> was
written by Alcatel. As new vendor information is reported to the
CERT/CC, we will update VU#181721 and note the changes in our
revision history.

<a name="references">
<H2>Appendix B. - References</H2>

<li><a name="ref1">
<P>VU#181721: Alcatel OmniSwitch 7700/7800 does not require a password for accessing the telnet server - <A

<li><a name="ref2">
<P>OmniSwitch_7000_brief - <A HREF="http://www.ind.alcatel.com/nextgen/OmniSwitch_7000_brief.pdf">http://www.ind.alcatel.com/nextgen/OmniSwitch_7000_brief.pdf</a>

<li><a name="ref3">
<P>CAN-2002-1272 - <A HREF="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1272">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1272</a>

<hr noshade>

<p>We thank Olivier Paridaens and Jeff Hayes of Alcatel for reporting
this issue.


<hr noshade>

<p>Author: <a
href="mailto:cert@cert.org?subject=CA-2002-32%20Feedback%20VU%23181721">Ian A. Finlay</a>.


<!--#include virtual="/include/footer_nocopyright.html" -->

<p>Copyright 2002 Carnegie Mellon University.</p>

<p>Revision History
November 21, 2002: Initial release
January  02, 2002: Changed URL for Alcatel Customer Support