Ext-Iain.KingNOKIA.COM

• Next message: Roman Drahtmueller: "Re: SuSE Linux 6.x 7.0 Ident buffer overflow"
• Previous message: Geoffrey Moon: "Re: Submission"
• Maybe in reply to: K2: "Nokia firewalls"
• Maybe reply: King, Iain: "Re: Nokia firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> PS. The only contact I have for Nokia is
> info.ipnetworking_americasnokia.com, I don't believe that this mailbox
> would have given this information proper handling, my hope is that
> somebody Nokia will either be on this list or somebody will know
> actually how to contact this vendor. And as I allready stated, this is
> a pretty low-priorty vulnerability, requireing an authenticated user.
> However, if they had a ssl site or did not have clear text TELNET
> authentication by default it would make me feel much better.

Im on this list, and though I'm not an employee of Nokia Security.. I have
informed them of your post.
I'd expect to see an official reply some time soon.

> I guess you have considered to inform the manufacturer? So why post it
> here at this point?
>
> Hugo.
>
> PS: I would encourage to use normal disclosure procedures giving the
> manufacturer 5 working days for such issues.
>

I agree completely, and I think that people should spend at least 5 minutes
looking for a contact mail..
for eg: on the nokia website, www.nokia.com theres a link to security
appliance, which contains such
address' for "Further Information".

Iain King
IM EUS Unix Specialist
Nokia Telecommunications, MPD/APAC

• Next message: Roman Drahtmueller: "Re: SuSE Linux 6.x 7.0 Ident buffer overflow"
• Previous message: Geoffrey Moon: "Re: Submission"
• Maybe in reply to: K2: "Nokia firewalls"
• Maybe reply: King, Iain: "Re: Nokia firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]