Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Nortel Contivity Vulnerability
From: billf () CHC-CHIMES COM (Bill Fumerola)
Date: Tue, 18 Jan 2000 17:04:08 -0500

On Tue, Jan 18, 2000 at 12:21:03AM +0000, foo wrote:


Nortel's new Contivity seris extranet switches
(http://www.nortelnetworks.com/products/01/contivity) give administrators
the ability to enable a small HTTP server and use Nortel's web based
administration utility to handle configuration and maitenance.
The server runs atop the VxWorks operating system and is located in the
directory /system/manage. A CGI application, /system/manage/cgi/cgiproc
that is used to display the administration html pages does not properly
authenticate users prior to processing requests. An intruder can
view any file on the switch without logging in.


As a user of the aforementioned product, its important to note that
only the management side (read: your internal network) can access
the HTTP server of the switch (by default, though I don't even think
you can change this.)

I'm not downplaying the stupidity of cgiproc, I'm just saying lets not
all run and turn our contivity switches off.

--
Bill Fumerola - Network Architect
Computer Horizons Corp - CVM
e-mail: billf () chc-chimes com / billf () FreeBSD org
Office: 800-252-2421 x128 / Cell: 248-761-7272

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]