BugTraq
Nokia IPSO Vulnerability Apr 23 2003 06:27PM
Jonas Eriksson (je sekure net) (1 replies)


There is a remote security vulnerability in the Nokia IPSO operating
system.

Anyone with access to the webgui (Voyager) on the Nokia IP-box
can read any file on the system.

For example, login as the user 'monitor' (disabled by default)
and use the readfile.tcl to read any file:

http://x.x.x.x/cgi-bin/readfile.tcl?file=/etc/master.passwd

Tested on IPSO 3.6-FCS6

Regards,
Jonas Eriksson
http://sekure.net

[ reply ]
RE: Nokia IPSO Vulnerability Apr 24 2003 04:32PM
Jorge Merlino (jmerlino easynet com uy) (2 replies)
Re: Nokia IPSO Vulnerability Apr 24 2003 06:34PM
Damieon Stark (visigoth securitycentric com) (1 replies)
Re: Nokia IPSO Vulnerability Apr 24 2003 10:23PM
Shawn Duffy (pakkit codepiranha org)
Re: Nokia IPSO Vulnerability Apr 24 2003 05:43PM
Valdis Kletnieks vt edu (1 replies)
RE: Nokia IPSO Vulnerability Apr 24 2003 06:49PM
Jorge Merlino (jmerlino easynet com uy)


 

Privacy Statement
Copyright 2010, SecurityFocus