Security problems in some looking glasses!

From: Zvezdelin Vladov (zvezdi_vat_private)
Date: Mon Oct 01 2001 - 13:10:08 PDT

    PROBLEM DESCRIPTION:
    ====================
    Some looking glasses (they are many)
    pass control chars through the user interface
    to the router.
    
    Result:
    =======
    A user may receive remote access to your router
    and issue commands under the user of your
    looking glass.
    
    All information that a regular user (or the
    looking glass user) may obtain is available,
    including
    
    sh in 
    sh ver
    sh route-map
    sh access-l
    sh traffic-shape
    sh log
    
    and whatever sensitive information the looking glass
    user has access to.
    
    
    WHO IS AFFECTED
    ===============
    
    Not all looking glasses are affected.
    
    If you issue [some control chars],
    for example, to the looking glass prompt box
    and receive "invalid autocommand ....",
    you are not affected, but if you receive
    the prompt of the router, or the resulting command,
    you are affected.
    
    
    FIX
    ===
    Exclude the commands the looking glass user should
    not issue from the current priv level of the
    Cisco router. The latter has been commented on
    this list.
    There may be others, like changing the source
    of the looking glass.
    
    Zvezdelin Vladov
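The fix the post describes acts on the router side (restricting the priv level). The other option it mentions, changing the looking glass source, comes down to never passing free-form text to the router at all. The following is an added illustration, not the poster's code and not the code of any real looking glass: a hypothetical front-end validator that reduces every request to an allowlisted command plus a strictly typed argument and rejects anything containing control characters before a router session is opened. The command names, templates and sample inputs are constructed for the example.

```python
"""Input validation for a web looking glass front end (hypothetical example).

Every request becomes an allowlisted command plus one argument that must parse
as an IP address or prefix. Control characters, which an autocommand-style
looking glass would otherwise pass straight to the router's line, are refused.
"""
import ipaddress
import re

# Allowlist: short form-field value -> fixed router command template.
# The user never supplies the router command text itself.
COMMANDS = {
    "bgp": "show ip bgp {arg}",
    "route": "show ip route {arg}",
    "ping": "ping {arg}",
    "trace": "traceroute {arg}",
}

# ASCII control characters 0x00-0x1F and DEL (0x7F), including CR, LF,
# ESC, ^C and ^Z, none of which belong in a looking glass argument.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def has_control_chars(value: str) -> bool:
    """True if the field contains any ASCII control character."""
    return _CONTROL_CHARS.search(value) is not None


def normalise_target(arg: str) -> str:
    """Accept only an IP address or an IP prefix and return its canonical form.

    Raises ValueError for anything else, including control characters.
    """
    if has_control_chars(arg):
        raise ValueError("control characters in argument")
    arg = arg.strip()
    if not arg or len(arg) > 64:
        raise ValueError("empty or oversized argument")
    try:
        if "/" in arg:
            # strict=False lets a host bit be set, e.g. 192.0.2.1/24
            return str(ipaddress.ip_network(arg, strict=False))
        return str(ipaddress.ip_address(arg))
    except ValueError:
        raise ValueError("argument is not an IP address or prefix") from None


def build_router_command(command: str, arg: str) -> str:
    """Return the exact router command line for an allowlisted request.

    Raises ValueError if the command is not allowlisted or the argument fails
    validation; the caller must not open a router session in that case.
    """
    if has_control_chars(command) or command not in COMMANDS:
        raise ValueError("unknown command")
    target = normalise_target(arg)
    return COMMANDS[command].format(arg=target)


def is_safe_request(command: str, arg: str) -> bool:
    """Boolean wrapper for logging or for a pre-flight check in a CGI handler."""
    try:
        build_router_command(command, arg)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample requests: two valid ones and one carrying CR/LF
    # followed by a second command, which must never reach the router.
    for cmd, a in [("bgp", "192.0.2.0/24"),
                   ("route", "198.51.100.7"),
                   ("bgp", "192.0.2.1\r\nshow log")]:
        print(repr((cmd, a)), "->", "ok" if is_safe_request(cmd, a) else "rejected")
```

The control-character check runs before any parsing, so the rejection does not depend on which characters a particular router treats as line terminators or interrupt keys; and because the argument must parse as an address or prefix, the quick test the post suggests (typing control characters into the prompt box) can only ever produce a validation error, never a router prompt.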
    
    
    



    This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 15:41:39 PDT