ACC Tigris Access Terminal Server Unauthenticated Command Execution

1999-01-03T00:00:00
ID OSVDB:267
Type osvdb
Reporter Robert Thomas (rob@RPI.NET.AU)
Modified 1999-01-03T00:00:00

Description

Vulnerability Description

ACC Tigris Terminal Server contains a flaw that may allow a malicious user to execute non-privileged commands without being authenticated. This is possible by using the undocumented username (public) and password (public). The issue is also triggered when the user presses the 'CTRL-U' or 'Backspace' key followed by any command at the login prompt. The malicious user may then execute the 'show' or 'telnet' command, resulting in a loss of confidentiality and integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):

  1. Add access entries to the server to only allow access from authorized staff

In addition, Patrik Backstrom suggests the following quick fix:

  ADD ACCESS ENTRY <network> <netmask> 23 TELNET
  ADD ACCESS ENTRY <network> <netmask> 80 HTTP
  ADD ACCESS ENTRY <network> <netmask> 0 PUBLIC


References:

Vendor URL: http://web.archive.org/web/19990420142404/www.acc.com/
Packet Storm: http://packetstormsecurity.org/UNIX/audit/ISS/alerts/vol-3_num-4.html#acc-tigris-login
Other Solution URL: http://archives.neohapsis.com/archives/bugtraq/1999_1/0032.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_1/0023.html
ISS X-Force ID: 1571
CVE-1999-0383
Bugtraq ID: 183