[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.BSO.4.44.0304232020150.13010-100000@birdie.sekure.net>
Date: Wed, 23 Apr 2003 20:27:20 +0200 (CEST)
From: Jonas Eriksson <je@...ure.net>
To: bugtraq@...urityfocus.com
Subject: Nokia IPSO Vulnerability
There is a remote security vulnerability in the Nokia IPSO operating
system.
Anyone with access to the webgui (Voyager) on the Nokia IP-box
can read any file on the system.
For example, login as the user 'monitor' (disabled by default)
and use the readfile.tcl to read any file:
http://x.x.x.x/cgi-bin/readfile.tcl?file=/etc/master.passwd
Tested on IPSO 3.6-FCS6
Regards,
Jonas Eriksson
http://sekure.net
Powered by blists - more mailing lists