[nsp-sec] Arista EOS Remote Privilege Escalation Vulnerability
Mark Boolootian
booloo at ucsc.edu
Mon Nov 9 20:19:16 EST 2015
> Anyone who needs the SWIX file for the patch, let me know. Its obvious that
> the URL they provided to my organization is watermarked but, the MD5 of the
> downloaded SWIX matches that of what another organization received via their
> unique DL URL.
Since I couldn't (in good conscience) internally share the advisory
you forwarded,
I emailed the Arista PSIRT and told them I'd heard rumblings about a privilege
escalation vulnerability for which there was a code fix, and I asked
if they'd be
willing to share the advisory. They were, with the obvious caveat that the
information isn't public and please don't make it so. The URL of the
patch in the
advisory they sent me was the same as the one in your advisory.
Very much appreciate the additional detail.
More information about the nsp-security
mailing list