Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: xyplex2.htm

Xyplex Terminal Server problems



Vulnerability

    xyplex

Affected

    Xyplex Terminal Server

Description

    Another problem  was pointed  out regarding  xyplex by  Matthew G.
    Harrigan.  You may face  problem that will lead people  getting in
    with "guest" access to  your modempool.  Here's  little background
    on the ENV of story.  Guest access dropped people to a prompt  and
    let them go anywhere  in domain, but no  where else.  This  was so
    people could access library of domain  and such.  It was used  the
    script  services  of  the  Xyplex  Terminal  server  to allow this
    "guest" access and  to setup their  permissions.  BUT,  when guest
    access was turned off, people  were still getting in by  putting a
    "/" anywhere in the login name.  Example:

        Username:name/ssn

    The terminal server would attempt to get a script from the  script
    server that you have defined (if you are using scripts).  When  an
    attempt is made to get a  script, it first tries (using the  above
    example) "/tftpboot/name/ssn/login", if that doesn't work it backs
    off one directory.  Instead of trying /tftpboot/login (taking  out
    the   login   name   of   "name/ssn"   it   only   backs   off  to
    /tftpboot/name/login).    After   this   failure   it   assumes  a
    misconfiguration, gives a script server timeout(?) error and gives
    the person default access.

    It does this so that you can setup special logins that auto-telnet
    to certain hosts or  somesuch.  Its a  great feature, but when  it
    fails it does not correctly retry like it does, its a menace.   In
    order, it searches for a login script like this:

        1. searches for "/tftpboot/loginname/login"
        2. removes the loginname portion of "/loginname"
        3. searches for "/tftpboot/login"  <-- which exists and runs
                                               correctly for us.

    However, if you put a / in the login name it does this:

        1. searches for "/tftpboot/login/name/login"
        2. removes only "/name" not "/login/name" like it should
        3. searches for "/tftpboot/login/login"
        4. dies with script error and if not "required" gives a person
           default access.

    Note that this is only if you have:

        DEFINE PORT ports SCRIPT LOGIN ENABLED

Solution

    If instead you use:

        DEFINE PORT ports SCRIPT LOGIN REQUIRED

    the same thing happens only the user does not get default  access,
    instead they are logged out.  This a bug in the xyplex code  where
    it assumes the  directory and file  to tftp is  part of the  login
    name, but doesn't correctly  "back-off" using the full  login name
    (only up to the "/") and trying again.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH