Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Nokia firewalls
From: K2 <ktwo () KTWO CA>
Date: Mon, 27 Nov 2000 14:40:28 -0800
Sure, it was pretty late and I guess a few things were left out...

IPSO scrooge 3.2.1-fcs1 releng 849  11.24.1999-102644 i386
FW-1, 4.1 SP2.

Some people have asked why I posted a local vulnerability as well, the
reason is that the html_page cgi is running as a non-privalged user, if
you get a shell from that overflow you may need to escalate priv's... of
course the xpand (it also died from the overflow) was running as root
though :)

Thanks
K2

PS. The only contact I have for Nokia is
info.ipnetworking_americas () nokia com, I don't believe that this mailbox
would have given this information proper handling, my hope is that
somebody @ Nokia will either be on this list or somebody will know
actually how to contact this vendor.  And as I allready stated, this is
a pretty low-priorty vulnerability, requireing an authenticated user.
However, if they had a ssl site or did not have clear text TELNET
authentication by default it would make me feel much better.


Hugo.van.der.Kooij () caiw nl wrote:


On Mon, 27 Nov 2000, K2 wrote:


      Well I just unwrapped my shiny new Nokia IP440 integrated
Firewall-1/IDS appliance and thought to give it a once over. It appears
to be a older fBSD kernel + some firewall (checkpoint 4.1) + some IDS
(ISS) + remote admin (SSH/http).


Could you state version numbers of:
 - IPSO (v3.2.1 is presumed if the box is reasonable fresh)
 - FireWall-1 (build level?)

...


Anyhow, I just thought they may want to clean these things up...


Hmm.

I guess you have considered to inform the manufacturer? So why post it
here at this point?

Hugo.

PS: I would encourage to use normal disclosure procedures giving the
manufacturer 5 working days for such issues.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () caiw nl        http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
This message has not been checked and may contain harmfull content.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]