File: 100000112.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (68 lines) | stat: -rw-r--r-- 1,152 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
Rule: 

--
Sid: 
100000112

-- 
Summary: 
This event is generated when the readfile.tcl script on a Nokia IPSO device is 
accessed.

-- 

Impact: 
Since the script does not perform any input validation, users can read any file 
on the host operating system for which the script has permissions. 

--
Detailed Information:
An attacker may specify any file on the host operating system, and if the 
script has read permissions for that file, it will be displayed in the web 
browser. Users must be able to log into the Nokia web gui to perform this 
attack.

--
Affected Systems:
Nokia IPSO 3.3 SP4
Nokia IPSO 3.3 SP3
Nokia IPSO 3.3 SP2
Nokia IPSO 3.3 SP1
Nokia IPSO 3.3
Nokia IPSO 3.3.1
Nokia IPSO 3.4
Nokia IPSO 3.4.1
Nokia IPSO 3.4.2

--

Attack Scenarios: 
This vulnerability may be exploited using a web browser, or an automated script.

-- 

Ease of Attack: 
Simple, as attacks may be performed via a web browser.

-- 

False Positives:
None Known.

--
False Negatives:
None Known.

-- 

Corrective Action: 
Currently, no workarounds or patches are available.

--
Contributors: 
Alex Kirk <alex.kirk@sourcefire.com>

-- 
Additional References:

--