Nokia IPSO Vulnerability

From: Jonas Eriksson (jeat_private)
Date: Wed Apr 23 2003 - 11:27:20 PDT

Next message: David F. Madrid: "Permanent crash in Opera 7.10"

Previous message: Derek: "Re: Cracking preshared keys"
Next in thread: Jorge Merlino: "RE: Nokia IPSO Vulnerability"
Reply: Jorge Merlino: "RE: Nokia IPSO Vulnerability"
Reply: Miller, Rick: "RE: Nokia IPSO Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There is a remote security vulnerability in the Nokia IPSO operating
system.

Anyone with access to the webgui (Voyager) on the Nokia IP-box
can read any file on the system.

For example, login as the user 'monitor' (disabled by default)
and use the readfile.tcl to read any file:

http://x.x.x.x/cgi-bin/readfile.tcl?file=/etc/master.passwd

Tested on IPSO 3.6-FCS6


Regards,
Jonas Eriksson
http://sekure.net

Next message: David F. Madrid: "Permanent crash in Opera 7.10"
Previous message: Derek: "Re: Cracking preshared keys"
Next in thread: Jorge Merlino: "RE: Nokia IPSO Vulnerability"
Reply: Jorge Merlino: "RE: Nokia IPSO Vulnerability"
Reply: Miller, Rick: "RE: Nokia IPSO Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 24 2003 - 10:44:32 PDT