Reply To: HOFMEISTER,JAMES (HP-USA,ex1)
Date: Mon, 30 Jul 2001 08:24:54 -0700

Hello Folks @ 3000-l,
Re: HP-UX FTP Vulnerability
CIAC reported a couple of HP-UX Vulnerabilities in FTP and mkacct.
____________________________________________________________________________
PROBLEM:   The ftpd and ftp incorrectly manage buffers.
PLATFORM:  HP9000 Series 700/800 running HP-UX releases 10.01, 10.10,
           10.20, 11.00, and 11.11.
DAMAGE:    Remote users could execute unauthorized code.
SOLUTION:  Apply the appropriate patch for the HP-UX release as prescribed
           by Hewlett-Packard.
____________________________________________________________________________
VULNERABILITY ASSESSMENT: The risk is MEDIUM. A problem exists with the
           ftp server glob() function implementation.
____________________________________________________________________________
I checked the FTP code and did not find this could be a problem on the
HPe3K. I also verified this with the FTP/iX lab engineer.
Regards,
James Hofmeister
Hewlett Packard
Worldwide Technology Network Expert Center
P.S. My Ideals are my own, not necessarily my employer's.
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *