[13437] in bugtraq
Re: Nortel Contivity Vulnerability
daemon@ATHENA.MIT.EDU (Bill Fumerola)
Wed Jan 19 16:52:47 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000118170408.E23093@jade.chc-chimes.com>
Date: Tue, 18 Jan 2000 17:04:08 -0500
Reply-To: Bill Fumerola <billf@CHC-CHIMES.COM>
From: Bill Fumerola <billf@CHC-CHIMES.COM>
X-To: foo <foo@BLACKLISTED.INTRANOVA.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSF.4.10.10001172335290.44367-100000@blacklisted.intranova.net>; from foo@BLACKLISTED.INTRANOVA.NET
on Tue, Jan 18, 2000 at 12:21:03AM +0000
On Tue, Jan 18, 2000 at 12:21:03AM +0000, foo wrote:
> Nortel's new Contivity series extranet switches
> (http://www.nortelnetworks.com/products/01/contivity) give administrators
> the ability to enable a small HTTP server and use Nortel's web based
> administration utility to handle configuration and maintenance.
> The server runs atop the VxWorks operating system and is located in the
> directory /system/manage. A CGI application, /system/manage/cgi/cgiproc
> that is used to display the administration html pages does not properly
> authenticate users prior to processing requests. An intruder can
> view any file on the switch without logging in.
As a user of the aforementioned product, it's important to note that
only the management side (read: your internal network) can access
the HTTP server of the switch (by default, though I don't even think
you can change this.)

I'm not downplaying the stupidity of cgiproc, I'm just saying let's not
all run and turn our Contivity switches off.
--
Bill Fumerola - Network Architect
Computer Horizons Corp - CVM
e-mail: billf@chc-chimes.com / billf@FreeBSD.org
Office: 800-252-2421 x128 / Cell: 248-761-7272