List:       bugtraq
Subject:    Re: Cabletron Spectrum security vulnerability
From:       Ton Hospel <ton () ATT-UNISOURCE ! NET>
Date:       1999-06-24 14:48:13

"Miscioscia, George M" wrote:
>
> Spectrum users,
>
> This statement is not entirely true...
>
> "The writable directories include those containing the Spectrum executables,
> at least one of which is, and apparently must be, run as "root" during
> normal operation of the product."
>
> Although certain directories are made writable, the SpectroSERVER executable
> need only run once as "root". It is a suggested practice to create your
> Spectrum "Administrators" and "Operators" during this initial running.  Once
> done, shut down the SpectroSERVER and then restart it as a Spectrum
> "Administrator".  Open the User Editor and destroy the "root" user
> immediately.  There is no need for its presence anymore.  The same holds
> true for Windows NT, destroy the "Administrator" model from the
> SpectroSERVER database.
>
> I was told once by a wise man that there is no such thing as computer
> security.  The only thing that you can do is try to make it as difficult as
> possible for someone to gain access.  The only true way to secure a computer
> is to shut it off and lock it in a closet.
>
Maybe.

But Cabletron isn't even trying. The default access permissions on the directories
are a complete disaster. So OK, you don't run as root, but the Spectrum user is wide
open to manipulation.

We basically decided not to allow ANY users (except the system administrator) shell access
on the Spectrum machine due to this.

For another laugh, just telnet to the Spectrum API port. You end up with a corrupted
Spectrum (last tested in version 4).
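
The risk the thread is arguing about is a directory that non-root users can write into
and that also holds executables some privileged account (root, or the user SpectroSERVER
runs as) will later run. The shell script below is an added example for this archive
page, not code from either poster or from Cabletron, and it assumes nothing about where
Spectrum is installed: pass it the install directory, or run it with no argument to see
it against a small constructed tree (make_demo_tree, with made-up file names such as
"spectroserver") that stands in for a real install.

```shell
#!/bin/sh
# Added example, not Cabletron's code. Audits an install tree for the
# directory-permission problem discussed in the thread: directories that are
# group- or world-writable and contain executable files. Anyone who can write
# such a directory can replace or plant a binary that a more privileged
# account executes later.

# audit_writable_exec_dirs ROOT
# Prints "<mode> <owner> <dir>" for each writable directory holding executables.
audit_writable_exec_dirs() {
    root="$1"
    # -perm -0020 = group-writable, -perm -0002 = world-writable; either counts.
    # (A sticky bit only stops deleting others' files; planting new ones still works.)
    find "$root" -type d \( -perm -0020 -o -perm -0002 \) 2>/dev/null |
    while IFS= read -r d; do
        # Only report directories that actually hold an executable file.
        if find "$d" -maxdepth 1 -type f -perm -0100 2>/dev/null | grep -q .; then
            ls -ld "$d" | awk -v dir="$d" '{ print $1, $3, dir }'
        fi
    done
}

# audit_root_exec_in_writable_dirs ROOT
# The worst case: a root-owned or setuid executable inside a writable directory.
audit_root_exec_in_writable_dirs() {
    root="$1"
    find "$root" -type d \( -perm -0020 -o -perm -0002 \) 2>/dev/null |
    while IFS= read -r d; do
        find "$d" -maxdepth 1 -type f -perm -0100 \
            \( -user root -o -perm -4000 \) 2>/dev/null
    done
}

# Constructed sample tree (assumed layout, not real Spectrum files) so the
# script runs offline. Only bin/ should be flagged.
make_demo_tree() {
    base="$1"
    mkdir -p "$base/bin" "$base/safe" "$base/data"
    printf '#!/bin/sh\necho server\n' > "$base/bin/spectroserver"
    chmod 4755 "$base/bin/spectroserver"     # executable and setuid
    chmod 775 "$base/bin"                    # group-writable: flagged
    printf '#!/bin/sh\necho ok\n' > "$base/safe/tool"
    chmod 755 "$base/safe/tool"
    chmod 755 "$base/safe"                   # writable by owner only: not flagged
    : > "$base/data/db.dat"
    chmod 644 "$base/data/db.dat"
    chmod 777 "$base/data"                   # writable, but no executables: not flagged
}

# Stand-alone demo when run without an argument; otherwise audit the given tree.
if [ $# -eq 0 ]; then
    demo=$(mktemp -d)
    make_demo_tree "$demo"
    echo "== writable directories holding executables =="
    audit_writable_exec_dirs "$demo"
    echo "== root-owned or setuid executables in writable directories =="
    audit_root_exec_in_writable_dirs "$demo"
    rm -rf "$demo"
else
    audit_writable_exec_dirs "$1"
    audit_root_exec_in_writable_dirs "$1"
fi
```

Group-writable hits still need a human look: a directory writable by a tight, root-only
group is fine, one writable by a group every Spectrum operator belongs to is the problem
the thread describes. Anything the second function prints is a straightforward local
privilege escalation and should be fixed (or the whole tree chown'd and chmod'd) before
anyone but the administrator gets shell access on that host.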
