Bugtraq mailing list archives
Geac ADVANCE library system security HOLE
From: a98-4113 () AMALIA EE UPATRAS GR (GAVRILIS DIMITR)
Date: Thu, 2 Apr 1998 10:04:26 EET
Gavrilis Dimitris (a98-4113 () ee upatras gr), student (freshman) at:
*****************************************************************************
Electrical & Computer Engineering Department
University of Patras, Greece
*****************************************************************************

==> This is the first time I write to BUGTRAQ. Excuse me if this has been
==> reported in the past or if it's too lame.

While I was messing around with a University Library system (specifically a Geac ADVANCE (3.01)) I was trying to shell out to UNIX. (Geac Computer Corporation Limited is a company that makes UNIX based library automation systems for public, academic, and special libraries. For more information you can visit their website at http://www.geac.com) I tried some control characters and I noticed that if you press "CTRL-v", the library system shells out to some environment with a "::" prompt (I haven't tried to figure out what it is). Then I tried some commands like "LS", "HELP", "CD" ... NO LUCK. Anyway, if you type "Q" the system shells you somewhere else with a ">" prompt.

From there you can do many things like type "HELP" to get some help on the system or you can try "HELP *" to see the whole manual!!! There are commands like "CHDIR" to change the current UNIX directory, or the "AVAIL" command to view the available disk space on the system. If you wanna exit the program and return to a UNIX environment you can use the "QUIT" command but this one usually doesn't work (notice that you can get help on all these commands with the "HELP <COMMAND>"). Instead, you can use the "SH" or the "CSH" command to invoke a UNIX shell !!! This is very cool because you can obtain unauthorized access to the system.

You can find Geac ADVANCE Library system usually at universities. I tried to do the same on another version of the current program but it didn't work. I don't know if there is a fix on the current version. If there have been any reports in the past concerning the same hole, please mail to: BUGTRAQ () NETSPACE ORG / or to: a98-4113 () ee upatras gr .

:-) Live Long & Prosper (-: