Path: utzoo!utgpu!water!watmath!clyde!att!mtunx!icus!lenny
From: lenny@icus.UUCP (Lenny Tropiano)
Newsgroups: comp.sys.att
Subject: Re: Security Issues on the 3B1 *LONG* (was Re: Help needed with 7300)
Summary: I stand corrected...
Message-ID: <400@icus.UUCP>
Date: 22 Jun 88 00:38:53 GMT
References: <5997@uwmcsd1.UUCP> <9300074@bradley> <742@rush.cts.com> <397@icus.UUCP>
Organization: ICUS Software Systems, Islip, New York
Lines: 25

In article <397@icus.UUCP>, lenny@icus.UUCP (Lenny Tropiano) writes:
[some of my babbling left out]
...
|> 
|> 2.	EXPERT syntax for the user agent has wholes.  Login's like "tutor"
|> 	can very easily get a "shell" by creating a file in the Filecabinet
|> 	and then doing a shell-escape from "vi" with ":shell".  
|> 
|> 	[Best solution:	remove tutor login and don't rely on EXPERT]
|> 
|> 	[Fair Solution: put a password on tutor]
|> 
I stand corrected by Bob Ames (bob@rush.cts.com)...

He says, "It's even easier than that... just type /bin/sh into *ANY* 
office style window."

-- 
US MAIL  : Lenny Tropiano, ICUS Software Systems      IIIII  CCC U   U  SSS
           PO Box 1                                     I   C    U   U S
           Islip Terrace, New York  11752               I   C    U   U  SS 
PHONE    : (516) 968-8576 [H] (516) 582-5525 [W]        I   C    U   U    S
TELEX    : 154232428 [ICUS]                           IIIII  CCC  UUU  SSS 
AT&T MAIL: ...attmail!icus!lenny  
UUCP     : ...{talcott, boulder, pacbell, sbcs, mtune, bc-cis}!icus!lenny