The telnet bug does work on 3.1.9 -------------------------------- Chris Sterling System Administrator EazeNet lemmyat_private Office: 817-557-3038 Fax: 817-557-3468 On Tue, 6 Apr 1999, willp2 wrote: > I tested this on Xylan's 3.2.5 code. > I could not reproduce the bug. > > > -----Original Message----- > From: pmsacat_private <pmsacat_private> > To: BUGTRAQat_private <BUGTRAQat_private> > Date: Monday, April 05, 1999 1:34 PM > Subject: Re: Xylan OmniSwitch "features" > > > > To put things real clear, and as I said in the original post: > > -quote- > This was tested on software version 3.1.8 (the latest I can access). > -end quote- > > Although I said the user could login/ftp without knowing either user or > password strings, I _didn't_ said it would be just a matter of > entering random characters and pressing carriage return (that would be > a really funny one, but hey, it's not much further from the real thing). > > > - copy & paste --------------------------------------------------------- > [pmsac@localhost pmsac]$ telnet switch > Trying www.xxx.yyy.zzz... > Connected to www.xxx.yyy.zzz. > Escape character is '^]'. > > > > Welcome to the Xylan OmniSwitch! Version 3.1.8 > login : ajsdkal > password: > > ********************************************************************** > > Xylan OmniSwitch - Copyright (c), 1994-1998 XYLAN Inc. > All rights reserved. > -end copy & paste ------------------------------------------------------ > > When you get the password prompt, just press ctrl+d (^D), the user > string is arbitrary. You won't get privileges to run any command, not > even the "exit" one, you have to close the connection "manually". >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:40 PDT