ACC Tigris fix: "public" access without logging in

From: Patrik Backstrom (pbat_private)
Date: Tue Feb 02 1999 - 00:49:05 PST

Next message: Liam: "Re: Mirc 5.5 'DCC Server' hole"

Previous message: SGI Security Coordinator: "IRIX 6.5 Security Features"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

About a month ago, Robert Thomas <robat_private> reported a bug in the
ACC Tigris router, where you issue "public access" commands to the Tigris
from remote, without having to login. I forwarded the mail to some ACC
technicians. I havn't gotten a reply from them, but when i checked a list
of fixes, i found:

#PSR Fixed in 11.1.23.3:
<snip>
# 11010:        Security Hole.. Public access without logging in. (Ptherio)
<snip>

I tried the bug on a box running 11.1.24, and you can no longer issue
commands from the login prompt.

The funny thing is - the 11.1.23.4 software is dated 12/20/98, which means
the bug was fixed before the post to bugtraq.

/pb

            [ Boycott Microsoft -- http://www.vcnet.com/bms ]

Next message: Liam: "Re: Mirc 5.5 'DCC Server' hole"
Previous message: SGI Security Coordinator: "IRIX 6.5 Security Features"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:10 PDT