MPCS security holes

Bill Woodland (
Mon, 15 Dec 1997 23:33:44 -0600

>Date: Wed, 10 Dec 1997 21:40:39 -0600 (CST)
>From: Jason Williams <>
>Subject: MPCS security holes
>I'm not sure if White Pine knows this and just haven't corrected for
>it, but I've found a major security hole in MPCS concerning telnetting in
>to the reflector.
>It affects all MPCS reflectors regardless of allow-wpconfig settings and
>regardless of which part is passworded (the GUI or the telnet).
>Just telnet to the IP of a MPCS reflector port 7642 and type in "who" or
>"help commands". It seems port 7642 is the same as 7640 without the
>prompt. It also isn't restricted with the use of allow-wpconfig lines
>line port 7640 is so ANYONE can see who's on the reflectors.
>The problem actually is much worse than that. If the operator has chosen
>to password the GUI, anyone telnetting to port 7642 can do ANYTHING with
>the reflector (kill people, deny, allow, setup new conferences, delete
>conferences, etc). No allow-wpconfig line or password is required. I
>believe this also stems from the fact that if you password the GUI, anyone
>who CAN telnet in to port 7640 has complete access to the reflector as
>well (no password required). It's also been my experience that almost
>everyone running MPCS has chosen to password the GUI, so anyone with the
>knowledge of this security hole can potentially cause a lot of damage.
>With Bill's reflector, he chose to password the telnet, so anyone
>telnetting to port 7642 on his reflector can only see who's on the public
>conferences and isn't allowed kill/deny/etc without entering a password.
>Still, it renders allow-wpconfig completely useless.
>I hope this problem will be fixed soon. Unlike the bug with mpcs.html
>displaying all public and private conferences to anyone that goes to that
>URL, this one is much more serious since it not only displays public and
>private conferences, but who's on them and potentially allows anyone to
>have complete control over the reflector. One thing I don't know of is
>how much activity on port 7642 is logged. Maybe Eric or Bill can help
>with that.
>--Jason Williams (still awaiting Solaris MPCS)
> * Jason Williams -- Austin, Tx. | |
> * University of Texas at Austin | ___ |
> * BS Computer Science \_|_/
>*************** **************|
Bill Woodland (Squeek =A9) PC questions only, please.
Personal web page:
CU-SeeMe page:
CU-SeeMe Unsubscribe? Details at