Alan Accesses CRIS
Discovered By:
Alan
Date:
January 1999
Patched:
n/a
Using a tcl compiler exploit in AOL Unix boxes running AOL Server, Alan
was able to gain root on dozens of boxes. He used these boxes to setup
port redirects and to add his own computer to the AOL LAN. Doing this
gave his computer an "on-campus" AOL tcp login which allowed him to access
CRIS.
One of the security measures that arose out of this was that every
Internal had to be bound to an SID (although the "On-campus" always SID
measure was not mandatory. This would come back to bite AOL in the ass
when mass CRIS break-ins occurred in the Summer of 2000).
Contributed By:
O0O
|
