This article is more than 1 year old

Sierra Wireless manager spaffs logs to World+Dog

There's no authorisation on filteredlogs.txt

Sierra Wireless has disclosed a bug in its ACEmanager application that manages its wireless kit, but carelessly leaves log files lying around for anyone to see.

Described at ICS-CERT here, the first reaction to the disclosure might be “yeah, but it's only a little bug”.

Consider, however, whether log files can contain information useful to attackers.

Sierra's answer is "yes", because the advisory notes “an attacker may be able to learn operational characteristics of the gateway”. Among the possible learnings are the boot sequence of a device managed by the software.

Any device running ALEOS 4.4.2 and earlier from the following list are affected: LS300, GX400, GX440, ES440, GX450, and ES450.

The file – filteredlogs.txt – persists until reboot, or until the logfile is reloaded by the application.

Sierra has pushed out a patch here. ®

More about

TIP US OFF

Send us news


Other stories you might like