Vulnerability

Geac ADVANCE

Affected

Systems running badly configured Geac ADVANCE

Description

On a poorly configured Geac ADVANCE system, the following situation described by Gavrilis Dimitr is possible (under 3.01). Geac Computer Corporation Limited is a company that makes UNIX based library automation systems for public, academic, and special libraries.

If your system is poorly configured you may try some control characters and notice that if you press "CTRL-v", the library system shells out to some environment with a "::" prompt. If you type "Q" the system shells you somewhere else with a ">" prompt. From there you can do many things, like type "HELP" to get some help on the system, or you can try "HELP *" to see the whole manual. There are commands like "CHDIR" to change the current UNIX directory, or the "AVAIL" command to view the available disk space on the system. If you want to exit the program and return to a UNIX environment you can use the "QUIT" command, but this one usually doesn't work (notice that you can get help on all these commands with "HELP <COMMAND>"). Instead, you can use the "SH" or the "CSH" command to invoke a UNIX shell. The ">" prompt is basically a variant of Pick and it's exit to Universe. This is very "cool" because you can obtain unauthorized access to the system. You can usually find the Geac ADVANCE Library system at universities, but it is quite common in some applications.

As Martin Tullier added, the 'environment with a "::" prompt' may be a UniData double prompt. It can occur when dropping out of an application/program to Environment Control Language (ECL), the equivalent of Terminal Control Language (TCL) for PICK. GEAC has a number of products/applications originally written in PICK but now using Unix and a Pick-like RDBMS.
Solution

If you can replicate the behaviour described above, that indicates a poorly configured system:

a) Exit control key combinations are not correctly disabled.

b) Accounts with access to the Geac shell (Universe/application) should reach it via a custom C executable or Perl script, not a normal Unix shell.
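
A sketch of the kind of custom C executable item b) calls for, added here as an example and not taken from Geac or from the original advisory. Installed as the account's login program, it starts the application with a fixed environment and no Unix shell underneath it; APP_PATH and the environment values are assumptions to be replaced with your site's own.

```c
#include <ctype.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical path (assumption): substitute the real application launcher. */
#define APP_PATH "/opt/library/bin/start"

/* Accept only a short TERM value made of letters, digits and dashes. */
static int term_ok(const char *t)
{
    if (!t || !*t || strlen(t) > 32) return 0;
    for (; *t; t++)
        if (!isalnum((unsigned char)*t) && *t != '-') return 0;
    return 1;
}

/* Fixed environment instead of the user's; returns entry count, 0 if cap < 4. */
size_t build_clean_env(const char *term, char **envp, size_t cap)
{
    static char termvar[40];
    if (cap < 4) return 0;
    snprintf(termvar, sizeof termvar, "TERM=%s", term_ok(term) ? term : "dumb");
    envp[0] = "PATH=/usr/bin:/bin";
    envp[1] = "SHELL=/bin/false"; /* assumption: helpers that spawn $SHELL get no shell */
    envp[2] = termvar; envp[3] = NULL;
    return 3;
}

/* Ignore keyboard-generated signals; SIG_IGN dispositions survive execve(). */
int ignore_tty_signals(void)
{
    const int sigs[] = { SIGINT, SIGQUIT, SIGTSTP };
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++)
        if (signal(sigs[i], SIG_IGN) == SIG_ERR) return -1;
    return 0;
}

int main(void)
{
    char *envp[4];
    char *argv[] = { APP_PATH, NULL };
    if (!build_clean_env(getenv("TERM"), envp, 4) || ignore_tty_signals()) return 1;
    execve(APP_PATH, argv, envp);
    perror("execve"); /* exec failed: exit, so the session ends with no shell */
    return 1;
}
```

The wrapper covers item b) only: when the application exits the session ends, but the exit key combinations in item a) still have to be disabled in the application's own configuration.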