Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999_1

Bugtraq archives for 1st quarter (Jan-Mar) 1999: ACC Tigris fix: "public" access without logging in

ACC Tigris fix: "public" access without logging in

Patrik Backstrom (pbTECHNO.ORG)
Tue, 2 Feb 1999 09:49:05 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Liam: "Re: Mirc 5.5 'DCC Server' hole"
Previous message: SGI Security Coordinator: "IRIX 6.5 Security Features"

About a month ago, Robert Thomas <robRPI.NET.AU> reported a bug in the
ACC Tigris router, where you issue "public access" commands to the Tigris
from remote, without having to login. I forwarded the mail to some ACC
technicians. I havn't gotten a reply from them, but when i checked a list
of fixes, i found:

#PSR Fixed in 11.1.23.3:
<snip>
# 11010:        Security Hole.. Public access without logging in. (Ptherio)
<snip>

I tried the bug on a box running 11.1.24, and you can no longer issue
commands from the login prompt.

The funny thing is - the 11.1.23.4 software is dated 12/20/98, which means
the bug was fixed before the post to bugtraq.

/pb

            [ Boycott Microsoft -- http://www.vcnet.com/bms ]

Next message: Liam: "Re: Mirc 5.5 'DCC Server' hole"
Previous message: SGI Security Coordinator: "IRIX 6.5 Security Features"