[17811] in bugtraq
Re: Nokia firewalls
daemon@ATHENA.MIT.EDU (K2)
Tue Nov 28 14:47:02 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3A22E2DC.F8EF5AA3@ktwo.ca>
Date: Mon, 27 Nov 2000 14:40:28 -0800
Reply-To: K2 <ktwo@KTWO.CA>
From: K2 <ktwo@KTWO.CA>
X-To: Hugo.van.der.Kooij@caiw.nl
To: BUGTRAQ@SECURITYFOCUS.COM
Sure, it was pretty late and I guess a few things were left out...
IPSO scrooge 3.2.1-fcs1 releng 849 11.24.1999-102644 i386
FW-1, 4.1 SP2.
Some people have asked why I posted a local vulnerability as well. The
reason is that the html_page cgi is running as a non-privileged user; if
you get a shell from that overflow you may need to escalate privileges... Of
course the xpand (it also died from the overflow) was running as root
though :)
Thanks
K2
PS. The only contact I have for Nokia is
info.ipnetworking_americas@nokia.com. I don't believe that this mailbox
would have given this information proper handling; my hope is that
somebody @ Nokia will either be on this list or somebody will know
how to actually contact this vendor. And as I already stated, this is
a pretty low-priority vulnerability, requiring an authenticated user.
However, if they had an SSL site or did not have clear-text TELNET
authentication by default it would make me feel much better.
Hugo.van.der.Kooij@caiw.nl wrote:
>
> On Mon, 27 Nov 2000, K2 wrote:
>
> > Well I just unwrapped my shiny new Nokia IP440 integrated
> > Firewall-1/IDS appliance and thought to give it a once over. It appears
> > to be an older fBSD kernel + some firewall (checkpoint 4.1) + some IDS
> > (ISS) + remote admin (SSH/http).
>
> Could you state version numbers of:
> - IPSO (v3.2.1 is presumed if the box is reasonably fresh)
> - FireWall-1 (build level?)
>
> ...
>
> > Anyhow, I just thought they may want to clean these things up...
>
> Hmm.
>
> I guess you have considered informing the manufacturer? So why post it
> here at this point?
>
> Hugo.
>
> PS: I would encourage you to use normal disclosure procedures, giving the
> manufacturer 5 working days for such issues.
>
> --
> Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
> hvdkooij@caiw.nl http://home.kabelfoon.nl/~hvdkooij/
> --------------------------------------------------------------
> This message has not been checked and may contain harmful content.