RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances

[hellNbak <hellnbak () nmrc org>]

On Thu, 21 Mar 2002, Rouland, Chris (ISSAtlanta) wrote:
> Please confirm that you are able to exploit this, without root accesss to
> the IPSO box.


Chris, if I set up my own console, why would I need root access to the
IPSO box?  If I simply set my machine name to starscream and my user to
skank I am able to connect and push new keys generated by my console.

I am unsure why you would post that "NMRC is unable to confirm that this
can be exploited" without actually talking to me first.  I just tested it,
a second time, and yes, you can connect via the console and root access on
the Nokia box is not an issue.  The console connects to the control
chanell and allows me to push new keys down using the deployment wizard
which then allows me to set my new console as the "master controller" and
gather alerts, modify policied etc...