Tuesday, December 1, 2015

Brocade Fabric OS v6.3.1b Multiple Vulnerabilities

# Title: [Brocade Fabric OS v6.3.1b - Multiple vulnerabilities]
# Discovered by: Karn Ganeshen
# Vendor Homepage: [www.brocade.com]
# Versions Reported: Kernel 2.6.14.2 + FabOS v6.3.1b + BootProm 1.0.9


version
Kernel:     2.6.14.2
Fabric OS:  v6.3.1b
BootProm:   1.0.9

Default diagnostic accounts
The root and factory accounts have default passwords that are documented in the respective admin guides. By default, neither account is restricted, and both can SSH / telnet in to the box.

unix-passwd-in-etc-passwd
Password hashes were found in /etc/passwd files (hashes for all users).

unix-uid-0-accounts
Multiple users have UID 0 privileges.

unix-world-writable-files
Multiple world writable files are present:
/etc/fabos/hil_wwn
/etc/fabos/cfgsave/factory/etc/hosts
/etc/raslog.ext
/etc/ipadmd_log.txt
/etc/hosts.0

unix-user-home-dir-mode - weak access permissions
The permissions on the home directory of user basicswitchadmin were found to be 755 instead of 750.

generic-passwd-shadow-group-file-permissions - weak access permissions
The permission of file '/etc/shadow' is not 400.

unix-partition-mounting-weakness

/tmp partition does not have 'nosuid' option set. 
/tmp partition does not have 'noexec' option set. 
/tmp partition does not have 'nodev' option set. 
/mnt partition does not have 'nodev' option set.

unix-suid-writable
The following world-writable suid files were found on the system:
/etc/fabos/hil_wwn (-r-xrw-rw-)

unix-suid-script
Multiple scripts with suid set were found on the system:

...wwn
/fabos/sbin/coreshow
/fabos/sbin/timeLineGet
/fabos/bin/getIpAddr.sh
/fabos/bin/userConfig
/fabos/cliexec/authCmds
/fabos/cliexec/config
/fabos/cliexec/configCmd
/fabos/cliexec/configure
/fabos/cliexec/fcping
/fabos/cliexec/fpcmd
/fabos/cliexec/haadm
/fabos/cliexec/helpcmds
/fabos/cliexec/ipAddr
/fabos/cliexec/killtelnet
/fabos/cliexec/ms
/fabos/cliexec/savecore
/fabos/cliexec/secCmds
/fabos/c...
/fabos/cliexec/ssave.sh
...supportsave
/fabos/cliexec/supportsavestatus
/fabos/cliexec/switchcmd
/fabos/cliexec/syscmd
/fabos/cliexec/trace_cli
/fabos/standby_sbin/coreshow
/fabos/libexec/coreffdc.sh
/fabos/libexec/ethmode
/fabos/libexec/getDefaultFID
/fabos/libexec/ipc_showAll
/fabos/libexec/secRoleCheck
/fabos/etc/swInst
/fabos/webtools/htdocs/weblinker.fcg
/var/log/rcslog.old
/var/log/fdmilog.txt
/var/log/ficulog.txt
/var/log/nslog.txt
/var/log/rcslog.txt
/var/log/seclog.txt
/var/log/zonelog.txt
...g.txt
/var/log/esslog.old
/var/log/ficulog.old
/var/log/fdmilog.old
/var/log/esslog.txt
/var/log/nslog.old
/var/log/seclog.old
/var/log/zonelog.old
/var/log/snmplog.old
/bin/passwd
/bin/login
/bin/login.nopam
/bin/ping
/sbin/fuser
/sbin/bootenv
/usr/bin/du
/usr/bin/ppname
/usr/bin/rcp
/usr/bin/rlogin
/usr/bin/rsh
...sr/sbin/sendmail
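The account, file-permission and mount-option findings above can be re-checked with a few awk and find one-liners. The script below is an added example, not part of the original post or any Brocade tooling; the function names and the sample passwd and mounts data are constructed, and it assumes a POSIX shell with awk and find, run against copies of the files on an audit host.

```shell
#!/bin/sh
# Added example: audit helpers; each takes the file or directory to inspect.

# Accounts with UID 0 (unix-uid-0-accounts).
uid0_accounts() { awk -F: '$3 == 0 { print $1 }' "$1"; }

# Accounts whose password field holds a hash instead of a shadow
# placeholder such as "x", "*" or "!" (unix-passwd-in-etc-passwd).
hashes_in_passwd() {
    awk -F: '$2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print $1 }' "$1"
}

# Hardening options missing from a mount point (unix-partition-mounting-weakness).
# $1 = file in /proc/mounts format, $2 = mount point.
missing_mount_opts() {
    awk -v mp="$2" '$2 == mp {
        n = split($4, opt, ","); for (i = 1; i <= n; i++) have[opt[i]] = 1
        k = split("nosuid noexec nodev", want, " "); out = ""; sep = ""
        for (i = 1; i <= k; i++)
            if (!(want[i] in have)) { out = out sep want[i]; sep = " " }
        print out
    }' "$1"
}

# World-writable regular files under a directory (unix-world-writable-files).
world_writable() { find "$1" -xdev -type f -perm -0002 | sort; }

# Constructed sample data (not taken from the device) for an offline run.
make_sample() {
    mkdir -p "$1/etc"
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
svc_diag:$1$CONSTRUCTED$notarealhash:0:0:diag:/tmp:/bin/sh
operator:x:1001:100:operator:/home/operator:/bin/sh
EOF
    cat > "$1/mounts" <<'EOF'
/dev/root / ext3 rw 0 0
tmpfs /tmp tmpfs rw 0 0
/dev/hda2 /mnt ext3 rw,nosuid,noexec 0 0
EOF
    : > "$1/etc/hosts.sample"; chmod 666 "$1/etc/hosts.sample"
    : > "$1/etc/ok.sample"; chmod 644 "$1/etc/ok.sample"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_sample "$d"
    uid0_accounts "$d/passwd"; hashes_in_passwd "$d/passwd"
    missing_mount_opts "$d/mounts" /tmp; world_writable "$d/etc"; rm -rf "$d"
fi
```

Run with `--demo` to see the output on the constructed data; on a real system, pass copies of /etc/passwd and /proc/mounts to the individual functions.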
