Ericsson Tigris Remote-Access Login Failure Vulnerability
BID:1345
Info
Ericsson Tigris Remote-Access Login Failure Vulnerability
| Bugtraq ID: | 1345 |
| Class: | Atomicity Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 13 2000 12:00AM |
| Updated: | Jun 13 2000 12:00AM |
| Credit: | This vulnerability was reported to the BugTraq mailing list by John Edwards on June 13, 2000. |
| Vulnerable: |
Ericsson AXC Tigris MultiService Access Platform 711.0 Ericsson AXC Tigris MultiService Access Platform 627.0 Ericsson AXC Tigris MultiService Access Platform 623.0 |
| Not Vulnerable: | |
Discussion
Ericsson Tigris Remote-Access Login Failure Vulnerability
A bug in the Tigris operating system software causes Radius accounting to fail to log certain regular login conditions. When a user fails login authentication, the PPP Authentication routine allows the user to retry login without having to re-establish a new connection. After the user retries and successfully logs in, the Tigris may not deliver the Accounting data for that user. This would mean that the Radius Acounting would not log the call and therefore have no record of the connection details.
A bug in the Tigris operating system software causes Radius accounting to fail to log certain regular login conditions. When a user fails login authentication, the PPP Authentication routine allows the user to retry login without having to re-establish a new connection. After the user retries and successfully logs in, the Tigris may not deliver the Accounting data for that user. This would mean that the Radius Acounting would not log the call and therefore have no record of the connection details.
Exploit / POC
Ericsson Tigris Remote-Access Login Failure Vulnerability
See discussion.
See discussion.
Solution / Fix
Ericsson Tigris Remote-Access Login Failure Vulnerability
Solution:
The bug does not appear in the recent Tigris OS 11.5.4.22 software release.
Solution:
The bug does not appear in the recent Tigris OS 11.5.4.22 software release.
References
Ericsson Tigris Remote-Access Login Failure Vulnerability
References:
References: