Bugtraq mailing list archives
Re: Possible issue with Cisco on-line help?
From: fsmontenegro () INAME COM (Fernando Montenegro)
Date: Thu, 4 May 2000 12:04:30 -0000
Hi! I have received information from Matti Saarinen <mjs () cc tut fi> explaining how the on-line help can be configured to show all the commands available (see below). This explains the apparent lack of authorization control over the "show" options. It seems that the only issue left is that there is so much information available from the non-enabled account.I would think that, on account of that, the recommendation for "jailing" the user still applies, though. Cheers, Fernando Extracts from the message received from Matti Saarinen <mjs () cc tut fi>:
Router2>show ?> backup Backup status cef Cisco Express Forwarding clock Display the system clock dialer Dialer parameters and statistics flash: display information about flash: file>
system
history Display the session command history>
...>
Notice that we did not see an "access-lists" option, so
the
help system thinks we should not be able to run it...
Yes, you cannot normally see access-lists option in the output of the help system. router>sh ? alps Alps information atm ATM information backup Backup status[cut] But when you enable full help the access-lists option is there with many others: router>terminal full-help router>sh ? access-expression List access expression access-lists List access lists adjacency Adjacent nodes aliases Display alias commands alps Alps information arp ARP table async Information on terminal lines used as router interfaces atm ATM information backup Backup status And the privilege level was 1 the whole time: router>sh priv Current privilege level is 1
Current thread:
- Wemilo cassius () HUSHMAIL COM (Apr 30)
- pam_console bug Michal Zalewski (May 02)
- Re: pam_console bug Benjamin Smee (May 03)
- Re: pam_console bug Michal Zalewski (May 04)
- Re: pam_console bug Benjamin Smee (May 03)
- Re: Wemilo daedalus (May 02)
- Possible issue with Cisco on-line help? Fernando Montenegro (May 02)
- Re: Possible issue with Cisco on-line help? Fernando Montenegro (May 04)
- Re: Possible issue with Cisco on-line help? Lisa Napier (May 09)
- Re: Possible issue with Cisco on-line help? Fernando Montenegro (May 04)
- 4ward:It's a blue world! deepquest () NETSCAPE NET (May 02)
- Denial of service attack against tcpdump bretonh () PARANOIA PGCI CA (May 02)
- Re: Denial of service attack against tcpdump antirez (May 03)
- Re: Denial of service attack against tcpdump Sebastian (May 03)
- Re: Denial of service attack against tcpdump Dragos Ruiu (May 03)
- Re: Denial of service attack against tcpdump Gerald Combs (May 03)
- "ILOVEYOU" virus analysis Steve Wolfe (May 04)
- 2.2.14 Kernel exec/open bug (?) The Cr0W (May 05)
- Re: Denial of service attack against tcpdump Hugo.van.der.Kooij () CAIW NL (May 09)
(Thread continues...)
- pam_console bug Michal Zalewski (May 02)