Subject: Re: Nokia firewalls
From: K2 (ktwoKTWO.CA)
Date: Mon Nov 27 2000 - 16:40:28 CST

Sure, it was pretty late and I guess a few things were left out...

IPSO scrooge 3.2.1-fcs1 releng 849 11.24.1999-102644 i386
FW-1, 4.1 SP2.

Some people have asked why I posted a local vulnerability as well, the
reason is that the html_page cgi is running as a non-privileged user, if
you get a shell from that overflow you may need to escalate priv's... of
course the xpand (it also died from the overflow) was running as root
though :)


PS. The only contact I have for Nokia is
info.ipnetworking_americasnokia.com, I don't believe that this mailbox
would have given this information proper handling, my hope is that
somebody at Nokia will either be on this list or somebody will know
actually how to contact this vendor. And as I already stated, this is
a pretty low-priority vulnerability, requiring an authenticated user.
However, if they had a ssl site or did not have clear text TELNET
authentication by default it would make me feel much better.

Hugo.van.der.Kooijcaiw.nl wrote:
> On Mon, 27 Nov 2000, K2 wrote:
> > Well I just unwrapped my shiny new Nokia IP440 integrated
> > Firewall-1/IDS appliance and thought to give it a once over. It appears
> to be an older fBSD kernel + some firewall (checkpoint 4.1) + some IDS
> > (ISS) + remote admin (SSH/http).
> Could you state version numbers of:
> - IPSO (v3.2.1 is presumed if the box is reasonably fresh)
> - FireWall-1 (build level?)
> ...
> > Anyhow, I just thought they may want to clean these things up...
> Hmm.
> I guess you have considered to inform the manufacturer? So why post it
> here at this point?
> Hugo.
> PS: I would encourage to use normal disclosure procedures giving the
> manufacturer 5 working days for such issues.
> --
> Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
> hvdkooijcaiw.nl http://home.kabelfoon.nl/~hvdkooij/
> --------------------------------------------------------------
> This message has not been checked and may contain harmful content.