Bugtraq mailing list archives
Re: Nortel Contivity Vulnerability
From: billf () CHC-CHIMES COM (Bill Fumerola)
Date: Tue, 18 Jan 2000 17:04:08 -0500
On Tue, Jan 18, 2000 at 12:21:03AM +0000, foo wrote:
Nortel's new Contivity seris extranet switches (http://www.nortelnetworks.com/products/01/contivity) give administrators the ability to enable a small HTTP server and use Nortel's web based administration utility to handle configuration and maitenance. The server runs atop the VxWorks operating system and is located in the directory /system/manage. A CGI application, /system/manage/cgi/cgiproc that is used to display the administration html pages does not properly authenticate users prior to processing requests. An intruder can view any file on the switch without logging in.
As a user of the aforementioned product, its important to note that only the management side (read: your internal network) can access the HTTP server of the switch (by default, though I don't even think you can change this.) I'm not downplaying the stupidity of cgiproc, I'm just saying lets not all run and turn our contivity switches off. -- Bill Fumerola - Network Architect Computer Horizons Corp - CVM e-mail: billf () chc-chimes com / billf () FreeBSD org Office: 800-252-2421 x128 / Cell: 248-761-7272
Current thread:
- TB2 Pro sending NT passwords cleartext David Masten (Jan 16)
- Nortel Contivity Vulnerability foo (Jan 17)
- Re: Nortel Contivity Vulnerability Bill Fumerola (Jan 18)
- Re: TB2 Pro sending NT passwords cleartext William J Husler (Jan 17)
- Nortel Contivity Vulnerability foo (Jan 17)