Nokia IPSO Appliances Disclose Files on the System to Remote Authenticated Users
|
|
SecurityTracker Alert ID: 1006646 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 24 2003
|
Impact: Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): Tested on 3.6-FCS6
|
Description: A vulnerability was reported in the Nokia IPSO hardened operating system for Nokia security appliances. A remote authenticated user can view files on the system.
It is reported that a remote authenticated user can use the 'readfile.tcl' script on the web management interface (Voyager) to view
files on the system.
A demonstration exploit is provided:
http://[target]/cgi-bin/readfile.tcl?file=/etc/master.passwd
Another user (Jorge Merlino) reports that this may not be a vulnerability, as only files that the authenticated user has read permissions for will be displayed.
|
Impact: A remote authenticated user can view files on the system.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.nokia.com/cda1/0,1080,162,00.html (Links to External Site)
|
Cause: Access control error
|
Reported By: Jonas Eriksson <je@sekure.net>
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 23 Apr 2003 20:27:20 +0200 (CEST)
From: Jonas Eriksson <je@sekure.net>
Subject: Nokia IPSO Vulnerability
|
There is a remote security vulnerability in the Nokia IPSO operating
system.
Anyone with access to the webgui (Voyager) on the Nokia IP-box
can read any file on the system.
For example, login as the user 'monitor' (disabled by default)
and use the readfile.tcl to read any file:
http://x.x.x.x/cgi-bin/readfile.tcl?file=/etc/master.passwd
Tested on IPSO 3.6-FCS6
Regards,
Jonas Eriksson
http://sekure.net
|
|
