COMMAND
Xyplex
SYSTEMS AFFECTED
Those running Xyplex terminal server
PROBLEM
Aleksandr Pilosov has found Xyplex terminal server bug. If
terminal server configured for RADIUS authentication, PPP/CHAP and
AutoProtocolDetect, typing Ctrl-Z in username> prompt will drop
you directly to command line, as if you logged in correctly.
This will not work to get past 'enable' password, though.
There is no information if Xyplex fixed that bug yet, but at least
the following version of software is affected: TS/720 V6.0.1S1
Rom 4C0000 HW 00.02.01 Lat Protocol V5.2
Hardware Type: 76
Hardware Revision: 00.02.01
Midplane Type: SwitchPlane
Rom Revision: 4C0000
Software Type: Terminal Server Level 4
Software Revision: V6.0.1S1
Protocol Type: LAT, TELNET, RLOGIN, TN3270, SNMP, PPP
Matthew G. Harrigan added following. The ctl-z concept can also
be applied by simply entering a "?" at the 'Username:' prompt.
Two things happen:
1. The logged in user information is set to "???", which leads to
believe that with some creativity and/or source code,
unauthorized (resource challenged) users may be able to force
an administrative shell.
2. You are dropped into the command shell in which you are able
to utilize all the client programs (i.e. rsh, telnet, etc..).
SOLUTION
New info expected. If you have this terminal server - test it.
If you find yourself vulnerable to these attack, contact your
vendor for more information how to protect yourself.
Not tested to see if this fix problem, but perhaps if you try
"REQUIRED"ing whatever option you have turned on instead of just
"ENABLED"ing it, this may fix your problem. If radius is enabled
and a person enters an invalid login/password sequence and radius
fails authentication then it works properly, but if radius just
fails with another type of error and since radius is only enabled,
not required, you get default access (whatever that may be?).