In association with heise online

06 April 2007, 17:53

Vulnerabilities in Enterasys' network management


Enterasys' network management platform NetSight contains multiple vulnerabilities via which an attacker can take over or crash a system. For example, according to information from iDefense, there is a bug in the function of the TFTPD server that reads file names. Names that are too long cause a buffer overflow, allowing an attacker to inject code, execute it and take control of the system.
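The vulnerable code itself is not shown here. As an added example (not Enterasys or iDefense code), this is how a TFTP server can read the file name field of an RFC 1350 read/write request without overrunning its buffer: the length is measured inside the received datagram and checked before anything is copied. The function name, error codes and the 128-byte limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TFTP_RRQ 1
#define TFTP_WRQ 2
#define MAX_NAME 128  /* assumed server-side limit, not taken from the advisory */

enum { TFTP_OK = 0, TFTP_ESHORT = -1, TFTP_EOPCODE = -2,
       TFTP_EUNTERMINATED = -3, TFTP_ENAME = -4, TFTP_EMODE = -5 };

/* Parse an RFC 1350 request: 2-byte opcode | filename | 0 | mode | 0.
 * Each string is located with memchr() bounded by the datagram length,
 * then rejected if it is empty or would not fit the destination buffer. */
int tftp_parse_request(const uint8_t *pkt, size_t len,
                       char *name, size_t name_sz, char *mode, size_t mode_sz)
{
    if (len < 4) return TFTP_ESHORT;
    unsigned op = ((unsigned)pkt[0] << 8) | pkt[1];
    if (op != TFTP_RRQ && op != TFTP_WRQ) return TFTP_EOPCODE;

    const uint8_t *p = pkt + 2;
    size_t remaining = len - 2;
    const uint8_t *nul = memchr(p, 0, remaining);
    if (!nul) return TFTP_EUNTERMINATED;      /* never scan past the datagram */
    size_t n = (size_t)(nul - p);
    if (n == 0 || n >= name_sz) return TFTP_ENAME;  /* reject, do not truncate */
    memcpy(name, p, n + 1);                   /* n + 1 includes the terminator */

    p = nul + 1;
    remaining -= n + 1;
    nul = remaining ? memchr(p, 0, remaining) : NULL;
    if (!nul) return TFTP_EUNTERMINATED;
    size_t m = (size_t)(nul - p);
    if (m == 0 || m >= mode_sz) return TFTP_EMODE;
    memcpy(mode, p, m + 1);
    return TFTP_OK;
}

int main(void)
{
    /* Constructed sample request: RRQ for "boot.cfg" in octet mode. */
    const uint8_t pkt[] = "\x00\x01" "boot.cfg\0octet";
    char name[MAX_NAME], mode[16];
    int rc = tftp_parse_request(pkt, sizeof pkt, name, sizeof name, mode, sizeof mode);
    printf("rc=%d name=%s\n", rc, rc == TFTP_OK ? name : "-");
    return 0;
}
```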

In addition, the BOOTPD server has a vulnerability which crashes the service. A single UDP packet suffices to achieve this. The vulnerabilities were found in versions NetSight Console 2.1 and NetSight Inventory Manager 2.1 under Windows XP and 2000, neither of which is current. Other versions are probably also affected. In the current releases, NetSight Console 2.3.1 build 6 and NetSight Inventory Manager 2.2.2 build 4, the vulnerability is ostensibly fixed.

(mba)

Permalink: http://h-online.com/-732613