Date: Tue, 2 Feb 1999 09:49:05 +0100
From: Patrik Backstrom <[email protected]>
To: [email protected]Subject: ACC Tigris fix: "public" access without logging in
About a month ago, Robert Thomas <[email protected]> reported a bug in the
ACC Tigris router, where you issue "public access" commands to the Tigris
from remote, without having to login. I forwarded the mail to some ACC
technicians. I havn't gotten a reply from them, but when i checked a list
of fixes, i found:
#PSR Fixed in 11.1.23.3:
<snip>
# 11010: Security Hole.. Public access without logging in. (Ptherio)
<snip>
I tried the bug on a box running 11.1.24, and you can no longer issue
commands from the login prompt.
The funny thing is - the 11.1.23.4 software is dated 12/20/98, which means
the bug was fixed before the post to bugtraq.
/pb
[ Boycott Microsoft -- http://www.vcnet.com/bms ]
