RE: Nokia IPSO Vulnerability

From: Jorge Merlino (jmerlinoat_private)
Date: Thu Apr 24 2003 - 09:32:50 PDT

Next message: Dmitry Maksimov: "Positive Technologies SA2003-0310: DoS-attack in VisNetic ActiveDefense"

Previous message: NGSSoftware Insight Security Research: "Internet Explorer Plugin.ocx heap overflow (#NISR24042003)"
Next in thread: Miller, Rick: "RE: Nokia IPSO Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I don't think that is a vulnerability.
The file /etc/master.passwd has read access for all users. Monitor can also
read it in a ssh session.
I you try that URL in a file with, let's say, 660 permissions you get a
blank page.


Regards
	Jorge

-----Mensaje original-----
De: Jonas Eriksson [mailto:jeat_private]
Enviado el: Miercoles, 23 de Abril de 2003 15:27
Para: bugtraqat_private
Asunto: Nokia IPSO Vulnerability




There is a remote security vulnerability in the Nokia IPSO operating
system.

Anyone with access to the webgui (Voyager) on the Nokia IP-box
can read any file on the system.

For example, login as the user 'monitor' (disabled by default)
and use the readfile.tcl to read any file:

http://x.x.x.x/cgi-bin/readfile.tcl?file=/etc/master.passwd

Tested on IPSO 3.6-FCS6


Regards,
Jonas Eriksson
http://sekure.net

Next message: Dmitry Maksimov: "Positive Technologies SA2003-0310: DoS-attack in VisNetic ActiveDefense"
Previous message: NGSSoftware Insight Security Research: "Internet Explorer Plugin.ocx heap overflow (#NISR24042003)"
Next in thread: Miller, Rick: "RE: Nokia IPSO Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 24 2003 - 10:17:22 PDT