Bugtraq mailing list archives
Nokia IPSO Vulnerability
From: Jonas Eriksson <je () sekure net>
Date: Wed, 23 Apr 2003 20:27:20 +0200 (CEST)
There is a remote security vulnerability in the Nokia IPSO operating system. Anyone with access to the webgui (Voyager) on the Nokia IP-box can read any file on the system. For example, login as the user 'monitor' (disabled by default) and use the readfile.tcl to read any file: http://x.x.x.x/cgi-bin/readfile.tcl?file=/etc/master.passwd Tested on IPSO 3.6-FCS6 Regards, Jonas Eriksson http://sekure.net
Current thread:
- Nokia IPSO Vulnerability Jonas Eriksson (Apr 24)
- RE: Nokia IPSO Vulnerability Jorge Merlino (Apr 24)
- Re: Nokia IPSO Vulnerability Damieon Stark (Apr 24)
- Re: Nokia IPSO Vulnerability Shawn Duffy (Apr 24)
- Re: Nokia IPSO Vulnerability Valdis . Kletnieks (Apr 24)
- RE: Nokia IPSO Vulnerability Jorge Merlino (Apr 24)
- Re: Nokia IPSO Vulnerability Damieon Stark (Apr 24)
- <Possible follow-ups>
- RE: Nokia IPSO Vulnerability Miller, Rick (Apr 24)
- RE: Nokia IPSO Vulnerability Iain.King (Apr 24)
- RE: Nokia IPSO Vulnerability Jorge Merlino (Apr 24)