Home / exploitsPDF  

Brocade Fabric OS 6.3.1b Weak System Configuration

Posted on 01 December 2015

# Title: [Brocade Fabric OS v6.3.1b - Multiple vulnerabilities] # Discovered by: Karn Ganeshen # Vendor Homepage: [www.brocade.com] # Versions Reported: Kernel 2.6.14.2 + FabOS v6.3.1b + BootProm 1.0.9 > *version* Kernel: 2.6.14.2 Fabric OS: v6.3.1b BootProm: 1.0.9 1 *Default diagnostic accounts* root and factory with default passwords documented in respective admin guides. By default, both these users are not restricted and can SSH / telnet in to the box. 2 *unix-passwd-in-etc-passwd* Password hashes found in /etc/passwd files (All user hashes) 3 *unix-uid-0-accounts* Multiple users have UID 0 privs 4 *unix-world-writable-files* Multiple world writable files are present: /etc/fabos/hil_wwn /etc/fabos/cfgsave/factory/etc/hosts /etc/raslog.ext /etc/raslog.int /etc/ipadmd_log.txt /etc/hosts.0 5 *unix-user-home-dir-mode - weak access permissions* The permissions for home directory of user basicswitchadmin was found to be 755 instead of 750. 6 *generic-passwd-shadow-group-file-permissions - weak access permissions* The permission of file '/etc/shadow' is not 400. 7 *unix-partition-mounting-weakness* /tmp partition does not have 'nosuid' option set. /tmp partition does not have 'noexec' option set. /tmp partition does not have 'nodev' option set. /mnt partition does not have 'nodev' option set. 8 *unix-suid-writable* Following world-writable suid files were found on the system: /etc/fabos/hil_wwn(-r-xrw-rw-) 9 *unix-suid-script* Multiple scripts with suid set were found on the system: , wwn /fabos/sbin/coreshow /fabos/sbin/timeLineGet /fabos/bin/getIpAddr.sh /fabos/ , , bin/userConfig /fabos/cliexec/authCmds /fabos/cliexec/config /fabos/cliexec/conf , , igCmd /fabos/cliexec/configure /fabos/cliexec/fcping /fabos/cliexec/fpcmd /fabos , , /cliexec/haadm /fabos/cliexec/helpcmds /fabos/cliexec/ipAddr /fabos/cliexec/kill , , telnet /fabos/cliexec/ms /fabos/cliexec/savecore /fabos/cliexec/secCmds /fabos/c , , /fabos/sbin/coreshow, /fabos/sbin/timeLineGet, /fabos/cliexec/killtelnet, /fabos/cliexec/savecore, /fabos/cliexec/ssave.sh, , supportsave /fabos/cliexec/supportsavestatus /fabos/cliexec/switchcmd /fabos/cli , , exec/syscmd /fabos/cliexec/trace_cli /fabos/standby_sbin/coreshow /fabos/libexec , , /coreffdc.sh /fabos/libexec/ethmode /fabos/libexec/getDefaultFID /fabos/libexec/ , , ipc_showAll /fabos/libexec/secRoleCheck /fabos/etc/swInst /fabos/webtools/htdocs , , /weblinker.fcg /var/log/rcslog.old /var/log/fdmilog.txt /var/log/ficulog.txt /va , , r/log/nslog.txt /var/log/rcslog.txt /var/log/seclog.txt /var/log/zonelog.txt && , , /fabos/cliexec/supportsavestatus, /fabos/standby_sbin/coreshow, /fabos/libexec/coreffdc.sh, /fabos/libexec/ipc_showAll, , g.txt /var/log/esslog.old /var/log/ficulog.old /var/log/fdmilog.old /var/log/ess , , log.txt /var/log/nslog.old /var/log/seclog.old /var/log/zonelog.old /var/log/snm , , plog.old /bin/passwd /bin/login /bin/login.nopam /bin/ping /sbin/fuser /sbin/boo , , tenv /usr/bin/du /usr/bin/ppname /usr/bin/rcp /usr/bin/rlogin /usr/bin/rsh, sr/sbin/sendmail -- Best Regards, Karn Ganeshen

 

TOP