On Thu, 21 Mar 2002, Rouland, Chris (ISSAtlanta) wrote: > > Please confirm that you are able to exploit this, without root accesss to > the IPSO box. Chris, if I set up my own console, why would I need root access to the IPSO box? If I simply set my machine name to starscream and my user to skank I am able to connect and push new keys generated by my console. I am unsure why you would post that "NMRC is unable to confirm that this can be exploited" without actually talking to me first. I just tested it, a second time, and yes, you can connect via the console and root access on the Nokia box is not an issue. The console connects to the control chanell and allows me to push new keys down using the deployment wizard which then allows me to set my new console as the "master controller" and gather alerts, modify policied etc...
This archive was generated by hypermail 2b30 : Thu Mar 21 2002 - 12:22:30 PST