Security Issues on the 3B1 *LONG* (was Re: Help needed with 7300)

Lenny Tropiano lenny at icus.UUCP
Wed Jun 22 10:38:53 AEST 1988


In article <397 at icus.UUCP>, lenny at icus.UUCP (Lenny Tropiano) writes:
[some of my babbling left out]
...
|> 
|> 2.	EXPERT syntax for the user agent has holes.  Logins like "tutor"
|> 	can very easily get a "shell" by creating a file in the Filecabinet
|> 	and then doing a shell-escape from "vi" with ":shell".  
|> 
|> 	[Best solution:	remove tutor login and don't rely on EXPERT]
|> 
|> 	[Fair Solution: put a password on tutor]
|> 
I stand corrected by Bob Ames (bob at rush.cts.com)...

He says, "It's even easier than that... just type /bin/sh<RETURN> into *ANY* 
office style window."

-- 
US MAIL  : Lenny Tropiano, ICUS Software Systems      IIIII  CCC U   U  SSS
           PO Box 1                                     I   C    U   U S
           Islip Terrace, New York  11752               I   C    U   U  SS 
PHONE    : (516) 968-8576 [H] (516) 582-5525 [W]        I   C    U   U    S
TELEX    : 154232428 [ICUS]                           IIIII  CCC  UUU  SSS 
AT&T MAIL: ...attmail!icus!lenny  
UUCP     : ...{talcott, boulder, pacbell, sbcs, mtune, bc-cis}!icus!lenny 


