Nokia Voyager Web Admin Server Long URL Overflow

2000-12-04T00:00:00
ID OSVDB:6020
Type osvdb
Reporter K2(ktwo@ktwo.ca)
Modified 2000-12-04T00:00:00

Description

Vulnerability Description

Nokia's IP440 integrated Firewall-1/IDS contains a flaw that may allow a remote denial of service. By sending a malformed URL consisting of a very large number of characters ( 6000+ characters) to the Voyager web-based management interface of a Nokia platform, a remote attacker can overflow a buffer and cause segatement fault. This flaw pontentially allows arbitrary code execution and will result in loss of confidentiality, integrity and availability.

Solution Description

Upgrade IP440 IPSO (Nokia's OS) to version 3.3 or higher, as it has been reported to fix this vulnerability. The workarounds provided by Ed Ingber are also available.

Short Description

Nokia's IP440 integrated Firewall-1/IDS contains a flaw that may allow a remote denial of service. By sending a malformed URL consisting of a very large number of characters ( 6000+ characters) to the Voyager web-based management interface of a Nokia platform, a remote attacker can overflow a buffer and cause segatement fault. This flaw pontentially allows arbitrary code execution and will result in loss of confidentiality, integrity and availability.

Manual Testing Notes

http://127.0.0.1/cgi-bin/html_page?(Ax6000)&TEMPLATE=main

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-12/0041.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-11/0350.html ISS X-Force ID: 5640 CVE-2001-0299 Bugtraq ID: 2054