Re: Nokia firewalls
From: K2 <ktwo () KTWO CA>
Date: Mon, 27 Nov 2000 14:40:28 -0800
Sure, it was pretty late and I guess a few things were left out...
IPSO scrooge 3.2.1-fcs1 releng 849 11.24.1999-102644 i386
FW-1, 4.1 SP2.
Some people have asked why I posted a local vulnerability as well, the
reason is that the html_page cgi is running as a non-privileged user, if
you get a shell from that overflow you may need to escalate priv's... of
course the xpand (it also died from the overflow) was running as root
PS. The only contact I have for Nokia is
info.ipnetworking_americas () nokia com, I don't believe that this mailbox
would have given this information proper handling, my hope is that
somebody @ Nokia will either be on this list or somebody will know
actually how to contact this vendor. And as I already stated, this is
a pretty low-priority vulnerability, requiring an authenticated user.
However, if they had a ssl site or did not have clear text TELNET
authentication by default it would make me feel much better.

Hugo.van.der.Kooij () caiw nl wrote:
> On Mon, 27 Nov 2000, K2 wrote:
>
> > Well I just unwrapped my shiny new Nokia IP440 integrated
> > Firewall-1/IDS appliance and thought to give it a once over. It appears
> > to be an older fBSD kernel + some firewall (checkpoint 4.1) + some IDS
> > (ISS) + remote admin (SSH/http).
>
> Could you state version numbers of:
> - IPSO (v3.2.1 is presumed if the box is reasonably fresh)
> - FireWall-1 (build level?)
>
> > Anyhow, I just thought they may want to clean these things up...
>
> I guess you have considered to inform the manufacturer? So why post it
> here at this point?
>
> PS: I would encourage to use normal disclosure procedures giving the
> manufacturer 5 working days for such issues.
>
> Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
> hvdkooij () caiw nl http://home.kabelfoon.nl/~hvdkooij/
> This message has not been checked and may contain harmful content.