Telecat BBS 'Next Board' Command BASIC Access

1985-01-01T22:17:43
ID OSVDB:14901
Type osvdb
Reporter OSVDB
Modified 1985-01-01T22:17:43

Description

Vulnerability Description

Telecat BBS contains a flaw that may allow a malicious user to gain access to the BASIC interpreter. The issue occurs when a user performs a 'newscan' for the last board accessable, then types 'B' at the command prompt. Instead of advancing them to the next threat, Telecat may drop the user into the BASIC interpreter where any commands they issue will be executed, or it will advance them to the next thread regardless of security levels potentially disclosing private messages.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Telecat BBS contains a flaw that may allow a malicious user to gain access to the BASIC interpreter. The issue occurs when a user performs a 'newscan' for the last board accessable, then types 'B' at the command prompt. Instead of advancing them to the next threat, Telecat may drop the user into the BASIC interpreter where any commands they issue will be executed, or it will advance them to the next thread regardless of security levels potentially disclosing private messages.

References:

Generic Informational URL: http://software.bbsdocumentary.com/APPLE/II/TELECAT/