[10128] in bugtraq
Re: Xylan OmniSwitch "features"
daemon@ATHENA.MIT.EDU (Chris Sterling)
Wed Apr 7 16:59:30 1999
Date: Tue, 6 Apr 1999 17:36:23 -0500
Reply-To: Chris Sterling <lemmy@EAZE.NET>
From: Chris Sterling <lemmy@EAZE.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <002601be7fed$2fdad5c0$02c5d9d1@willp-adsl2.dreamscape.com>
The telnet bug does work on 3.1.9
--------------------------------
Chris Sterling
System Administrator
EazeNet
lemmy@eaze.net
Office: 817-557-3038
Fax: 817-557-3468
On Tue, 6 Apr 1999, willp2 wrote:
> I tested this on Xylan's 3.2.5 code.
> I could not reproduce the bug.
>
>
> -----Original Message-----
> From: pmsac@TOXYN.ORG <pmsac@TOXYN.ORG>
> To: BUGTRAQ@netspace.org <BUGTRAQ@netspace.org>
> Date: Monday, April 05, 1999 1:34 PM
> Subject: Re: Xylan OmniSwitch "features"
>
>
>
> To put things real clear, and as I said in the original post:
>
> -quote-
> This was tested on software version 3.1.8 (the latest I can access).
> -end quote-
>
> Although I said the user could login/ftp without knowing either user or
> password strings, I _didn't_ said it would be just a matter of
> entering random characters and pressing carriage return (that would be
> a really funny one, but hey, it's not much further from the real thing).
>
>
> - copy & paste ---------------------------------------------------------
> [pmsac@localhost pmsac]$ telnet switch
> Trying www.xxx.yyy.zzz...
> Connected to www.xxx.yyy.zzz.
> Escape character is '^]'.
>
>
>
> Welcome to the Xylan OmniSwitch! Version 3.1.8
> login : ajsdkal
> password:
>
> **********************************************************************
>
> Xylan OmniSwitch - Copyright (c), 1994-1998 XYLAN Inc.
> All rights reserved.
> -end copy & paste ------------------------------------------------------
>
> When you get the password prompt, just press ctrl+d (^D), the user
> string is arbitrary. You won't get privileges to run any command, not
> even the "exit" one, you have to close the connection "manually".
>
