HP3000-L Archives

July 2001, Week 3

HP3000-L@RAVEN.UTC.EDU

From: Tracy Johnson <[log in to unmask]>
Date: Sat, 21 Jul 2001 16:20:46 -0400
CIAC reported a couple of HP-UX Vulnerabilities in FTP and mkacct.

I understand that MPE/iX is seldom, if ever, reported here.  And I
wonder if it is also affected?  (Probably not with mkacct, but you
never know, is NEWACCT similar?)

______________________________________________________________________________
PROBLEM:       The ftpd and ftp incorrectly manage buffers.
PLATFORM:      HP9000 Series 700/800 running HP-UX releases 10.01, 10.10,
               10.20, 11.00, and 11.11.
DAMAGE:        Remote users could execute unauthorized code.
SOLUTION:      Apply the appropriate patch for the HP-UX release as prescribed
               by Hewlett-Packard.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. A problem exists with the ftp server glob()
ASSESSMENT:    function implementation.
______________________________________________________________________________


PROBLEM:       A security vulnerability exists in the mkacct program.
PLATFORM:      HP9000 Servers running HP-UX 11.04 (VVOS), VirtualVault only.
DAMAGE:        Potential unauthorized privileged access.
SOLUTION:      Apply the appropriate patch for the VirtualVault release as
               prescribed by Hewlett-Packard.
______________________________________________________________________________
VULNERABILITY  The risk is LOW. The /sbin/mkacct program incorrectly performs
ASSESSMENT:    its functions, with a potential to allow unauthorized
               privileged access.
______________________________________
--
BT
NNNN
Tracy Johnson
Justin Thyme Productions
Sponsors Free Multiuser Wargaming on the WEB at:
http://hp3000.empireclassic.com/

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
