AOL Server tcl Compiler Exploit
Discovered By: Alan
Date: Fall 1998
Patched: February 1999
AOL's network is made up of hundreds of Unix boxes which all run the same
server software written by AOL called "AOL Server".
Alan found an exploit in AOL Server which allowed anyone to access the tcl
compiler for the Unix box. Using this tcl compiler exploit, Alan was able
to root dozens of AOL Unix boxes running AOL Server. Using these boxes, he
set up several port redirects for IRC but, more importantly, was able to
access CRIS by setting up his computer as part of the AOL LAN. Alan also
had access to very confidential source code and other files on AOL's
internal network.
An internal Opssec email sent out to all System Administrators describing
the exploit and how to patch it can be found here.
This exploit eventually got Alan arrested in March 1999, even after he
told AOL how to patch it and they said he wouldn't be prosecuted. Alan
became only the second person to be arrested in connection with AOL for
violating computer hacking laws (the first was Happy Hardcore), although
Federal charges were never brought; he was prosecuted under a Class D NY
State Computer Crimes felony.
Contributed By: O0O