Category: Research & Alerts

VU#930956: Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem 0

VU#930956: Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem

Vulnerability Note VU#930956 Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem Original Release date: 26 Mar 2015 | Last revised: 26 Mar 2015 Overview ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple models and firmware versions of the InnGate has been shown to allow read/write access to remote unauthenticated users via a misconfigured rsync instance. Description CWE-276 : Incorrect Default Permissions The instance of rsync included with the InnGate firmware is incorrectly configured to allow the entire filesystem to be read/write without authentication

Thumbnail 0

Nmap/Google Summer of Code, (Wed, Mar 25th)

The Nmap security scanner project is participating again in its 11th Google Summer of Code. We often get queries from students on how they can get into this field, and this is an excellent way to get experience while using your powers for good. Details are available here: http://nmap.org/soc/ (c) SANS Internet Storm Center.