Geac ADVANCE library system security HOLE

GAVRILIS DIMITR (a98-4113@AMALIA.EE.UPATRAS.GR)
Thu, 02 Apr 1998 10:04:26 +0200 (EET)

Gavrilis Dimitris (a98-4113@ee.upatras.gr), student (freshman) at:

*****************************************************************************
Electrical & Computer Engineering Department
University of Patras, Greece
*****************************************************************************

==> This is the first time i write to BUGTRAQ. Excuse me if this has been
==> reported in the past or if it's too lame.

While i was messing around with a Univeristy Library system (specifically
a Geac ADVANCE (3.01) ) i was trying to shell out to UNIX (Geac Computer
Corporation Limited is a company that makes UNIX based library automation
systems for public, academic, and special libraries. For more information
you can visit their website at http://www.geac.com) i tried some control characters and i noticed
that if you press "CTRL-v", the library system shells out to some
environment with a "::" prompt (i haven't tried to figure out what it is.).

Then i tried some commands like "LS", "HELP", "CD" ... NO LUCK. Anyway, if
you type "Q" the system shells you somewhere else with a ">" prompt.

>From there you can do many things like type "HELP" to get some help on the
system or you can try "HELP *" to see the hole manual!!! There are commands
like "CHDIR" to change the current UNIX directory, or the "AVAIL" command
to view the available disk space on the system. If you wanna exit the program
and return to a UNIX envrinoment you can use the "QUIT" command but this one
usually doesn't work (notice that you can get help on all these commands
with the "HELP <COMMAND>"). Instead, you can use the "SH" or the "CSH"
command to invoke a UNIX shell !!!

This is very cool because you can obtain unauthorized access of the system.
You can find Geac ADVANCE Library system usually on universities. I tried to
do the same on a another version of the current program but it didn't work.
I don't know if there is a fix on the current version.

If there have been any reports in the past concerning the same hole, please
mail to: BUGTRAQ@NETSPACE.ORG / or to: a98-4113@ee.upatras.gr .

:-) Live Long & Prosper (-: