Nokia IP440 Remote Denial of Service Vulnerability
BID:2054
Info
Nokia IP440 Remote Denial of Service Vulnerability
| Bugtraq ID: | 2054 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Dec 04 2000 12:00AM |
| Updated: | Dec 04 2000 12:00AM |
| Credit: | Reported to bugtraq by K2 < [email protected] > on Mon Nov 27 2000. |
| Vulnerable: |
Nokia IP440 |
| Not Vulnerable: | |
Solution / Fix
Nokia IP440 Remote Denial of Service Vulnerability
Solution:
Excerpted from advisory (Ed Ingber <[email protected]>) posted on Mon, 4 Dec 2000:
This low-priority vulnerability will be fixed in the next scheduled release of IPSO (Nokia's OS)
Recommendations:
1. Do not allow Voyager access from untrusted networks (e.g. the Internet).
2. Use good generally accepted practice regarding password selection and confidentiality (as always).
3. Consider disabling monitor (read-only administrator) access.
4. Use the provided SSH with port redirection (IPSO 3.2.1 and earlier) or embedded SSL (IPSO 3.3 and later) to encrypt http traffic to Voyager to prevent an attacker from eavesdropping to hear the password.
Solution:
Excerpted from advisory (Ed Ingber <[email protected]>) posted on Mon, 4 Dec 2000:
This low-priority vulnerability will be fixed in the next scheduled release of IPSO (Nokia's OS)
Recommendations:
1. Do not allow Voyager access from untrusted networks (e.g. the Internet).
2. Use good generally accepted practice regarding password selection and confidentiality (as always).
3. Consider disabling monitor (read-only administrator) access.
4. Use the provided SSH with port redirection (IPSO 3.2.1 and earlier) or embedded SSL (IPSO 3.3 and later) to encrypt http traffic to Voyager to prevent an attacker from eavesdropping to hear the password.
References
Nokia IP440 Remote Denial of Service Vulnerability
References:
References: