The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Brocade FabricOS: multiple vulnerabilities

Summary of the vulnerability

A local attacker can use several vulnerabilities of Brocade FabricOS to obtain sensitive information or to escalate his privileges.
Vulnerable systems: FabricOS.
Severity of this threat: 2/4.
Number of vulnerabilities in this bulletin: 9.
Creation date: 01/12/2015.
References of this weakness: VIGILANCE-VUL-18404.

Description of the vulnerability 

Several vulnerabilities were announced in Brocade FabricOS.

An attacker can log in to the "root" or "factory" account with the default password, in order to administer the system. [severity:2/4]

An attacker can read the /etc/passwd file, in order to obtain the password hashes. [severity:1/4]

Several accounts have the uid zero. [severity:1/4]

An attacker can write to several files (/etc/fabos/hil_wwn, /etc/fabos/cfgsave/factory/etc/hosts, /etc/raslog.ext, /etc/raslog.int, /etc/ipadmd_log.txt, /etc/hosts.0), in order to potentially escalate his privileges. [severity:1/4]

An attacker can access the home directory of the basicswitchadmin user, in order to read sensitive information. [severity:1/4]

Permissions of the /etc/shadow file are not 0400. [severity:1/4]

The /tmp and /mnt partitions are mounted with no security options. [severity:1/4]

An attacker can edit the suid file /etc/fabos/hil_wwn, in order to escalate his privileges. [severity:2/4]

Several simple files have the suid bit, so an attacker can potentially escalate his privileges. [severity:1/4]

A local attacker can therefore use several vulnerabilities of Brocade FabricOS to obtain sensitive information or to escalate his privileges.
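
The configuration findings listed above (several uid 0 accounts, hashes in /etc/passwd, the /etc/shadow mode, mount options, writable suid files) can be audited with a few shell functions. This is an added example, not code from the bulletin or from Brocade; the function names, the sample data and the reading of "security options" as nosuid, nodev and noexec are assumptions.

```shell
#!/bin/sh
# Added audit example, not Brocade or Vigil@nce code. Every function takes the
# file or directory to inspect, so it can run on copies taken from a switch.

# Accounts whose uid is 0 (more than one name matches the bulletin's finding).
uid0_accounts() { awk -F: '$3 == 0 { print $1 }' "$1"; }

# Accounts whose hash sits in passwd itself instead of a placeholder (x, *, !).
passwd_hashes() {
    awk -F: '$2 != "x" && $2 != "*" && $2 != "!" && $2 != "" { print $1 }' "$1"
}

# True only when the mode is exactly 0400, which ls shows as -r--------.
mode_is_0400() { [ "$(ls -ld "$1" | cut -c1-10)" = "-r--------" ]; }

# For mount point $2 in the /proc/mounts-format file $1, print whichever of
# nosuid, nodev, noexec (assumed meaning of "security options") are missing.
missing_mount_opts() {
    awk -v mp="$2" '$2 == mp {
        out = ""; n = split("nosuid nodev noexec", want, " ")
        for (i = 1; i <= n; i++)
            if (index("," $4 ",", "," want[i] ",") == 0)
                out = (out == "" ? "" : out " ") want[i]
        print out
    }' "$1"
}

# Set-uid regular files under $1 that group or other may modify.
suid_writable() {
    find "$1" -type f -perm -4000 \( -perm -0020 -o -perm -0002 \) | sort
}

# Constructed sample data (not taken from a real switch).
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'factory:CONSTRUCTED-HASH:0:0::/:/bin/sh' \
    'user:x:500:500::/home/user:/bin/sh' > "$demo/passwd"
printf '%s\n' 'tmpfs /tmp tmpfs rw 0 0' \
    '/dev/hda2 /mnt ext3 rw,nosuid 0 0' > "$demo/mounts"
: > "$demo/shadow";  chmod 644 "$demo/shadow"
: > "$demo/hil_wwn"; chmod 4777 "$demo/hil_wwn"

echo "uid 0 accounts:   $(uid0_accounts "$demo/passwd" | tr '\n' ' ')"
echo "hashes in passwd: $(passwd_hashes "$demo/passwd" | tr '\n' ' ')"
mode_is_0400 "$demo/shadow" || echo "shadow mode is not 0400"
echo "/tmp lacks: $(missing_mount_opts "$demo/mounts" /tmp)"
echo "/mnt lacks: $(missing_mount_opts "$demo/mounts" /mnt)"
echo "writable suid: $(suid_writable "$demo")"
```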

This cybersecurity note impacts software or systems such as FabricOS.

Our Vigil@nce team determined that the severity of this computer weakness announcement is medium.

The trust level is of type unique source, with an origin of user shell.

This bulletin is about 9 vulnerabilities.

An attacker with an expert ability can exploit this cybersecurity vulnerability.

Solutions for this threat 

Brocade FabricOS: workaround.
A workaround is to limit the users with shell access, and to change the password of the "root" and "factory" users.
