About a month ago, Robert Thomas <robat_private> reported a bug in the ACC Tigris router, where you issue "public access" commands to the Tigris from remote, without having to login. I forwarded the mail to some ACC technicians. I havn't gotten a reply from them, but when i checked a list of fixes, i found: #PSR Fixed in 11.1.23.3: <snip> # 11010: Security Hole.. Public access without logging in. (Ptherio) <snip> I tried the bug on a box running 11.1.24, and you can no longer issue commands from the login prompt. The funny thing is - the 11.1.23.4 software is dated 12/20/98, which means the bug was fixed before the post to bugtraq. /pb [ Boycott Microsoft -- http://www.vcnet.com/bms ]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:10 PDT