Date: Sat, 21 Jul 2001 16:20:46 -0400
Content-Type: text/plain
CIAC reported a couple of HP-UX Vulnerabilities in FTP and mkacct.
I understand that MPE/iX is seldom, if ever, reported here. And I
wonder if it is also affected? (Probably not with mkacct, but you
never know, is NEWACCT similar?)
______________________________________________________________________________
PROBLEM: The ftpd and ftp incorrectly manage buffers.
PLATFORM: HP9000 Series 700/800 running HP-UX releases 10.01, 10.10,
10.20, 11.00, and 11.11.
DAMAGE: Remote users could execute unauthorized code.
SOLUTION: Apply the appropriate patch for the HP-UX release as prescribed
by Hewlett-Packard.
______________________________________________________________________________
VULNERABILITY ASSESSMENT: The risk is MEDIUM. A problem exists with the ftp
server glob() function implementation.
______________________________________________________________________________
PROBLEM: A security vulnerability exists in the mkacct program.
PLATFORM: HP9000 Servers running HP-UX 11.04 (VVOS), VirtualVault only.
DAMAGE: Potential unauthorized privileged access.
SOLUTION: Apply the appropriate patch for the VirtualVault release as
prescribed by Hewlett-Packard.
______________________________________________________________________________
VULNERABILITY ASSESSMENT: The risk is LOW. The /sbin/mkacct program incorrectly
performs its functions, with a potential to allow unauthorized
privileged access.
______________________________________
--
BT
NNNN
Tracy Johnson
Justin Thyme Productions
Sponsors Free Multiuser Wargaming on the WEB at:
http://hp3000.empireclassic.com/
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *