[no subject]

[pmsac () TOXYN ORG (pmsac () TOXYN ORG)]

Sorry if this is already known.

Stepped into two "features" of Xylan OmniSwitches (also works on Pizza).
These switches are sold OEM to Alcatel (which just bought Xylan) and IBM.

Number one: anyone can telnet to the switch and login, without knowing
either user or passwod strings. No permission will be given to perform
any command, which is not so bad.
This could work as a DoS, because software versions until 3.1.8 (don't know
about later ones) only allow one interactive session, displaying a message
of "System alread in use" in other attempts. However, since you can do this
DoS even without logging in (just sitting at the login prompt) it's not much
of a DoS.

Number two: anyone can ftp to the switch, whitout knowing either user or
password strings. Everyone is allowed to read all files in the flash,
and even upload files (but not remove or overwrite existing ones).
Since reading all files gives access to SNMP community strings, this could
be trouble, which are stored in clear text on one of the files, and writing
files, well, just use your imagination.

This was tested on software version 3.1.8 (the lastest I can access).

Thanks to cock () p ulh as, which helped test the vulnerability.

Have a nice day.

Disclaimers:
- This "feature" report was only sent here, personal option; software that's
worth thounsands of dollars should be better beta tested;
- I do know switches aren't generally accessible from the internet.