From:	 "Povl H. Pedersen" 
To:	 BUGTRAQ@SECURITYFOCUS.COM
Subject: Bug in Cisco CBOS v2.3.0.053
Date:	 Fri, 20 Apr 2001 11:56:17 +0200

Just found a strange bug in Cisco CBOS on the Cisco 677 ADSL router.

cbos#sh ver

Cisco Broadband Operating System
CBOS (tm) 677 Software (C677-I-M), Version v2.3.0.053 - Release Software
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Feb 13 2000 17:19:50
DMT firmware version 0x2219be04
NVRAM image at 0x1032cd00


I was doing a "sh nat" with a very long listing in one telnet session.

When I telnetted from another machine, the c677 switched output to
that connection before prompting for password.

The listing would continue in whatever telnet window had the last
keypress. Also seemed to screw up something on the first terminal.

I see this as a serious security flaw.
--
_______________________________________________________________

M E T R O C O M I A
Denmark - Uganda - Malaysia - Bangladesh
Member of the Catenas Global Network

Povl H. Pedersen, CTO
E-mail: pope@metrocomia.dk
Direct phone: +45 86 76 23 49
Mobile phone: +45 40 93 55 11

Metrocomia A/S
Aaboulevarden 70,4., DK-8000 Aarhus C, Denmark
Phone: +45 86 76 23 33  -  Fax: +45 86 76 23 32
URL Denmark:  http://www.metrocomia.dk
URL International: http://www.metrocomia.com