HP3000-L Archives

July 2001, Week 5

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "HOFMEISTER,JAMES (HP-USA,ex1)" <[log in to unmask]>
Reply To: HOFMEISTER,JAMES (HP-USA,ex1)
Date: Mon, 30 Jul 2001 08:24:54 -0700
Content-Type: text/plain
Hello Folks @ 3000-l,

Re: HP-UX FTP Vulnerability

CIAC reported a couple of HP-UX Vulnerabilities in FTP and mkacct.

_____________________________________________________________________________
PROBLEM:       The ftpd and ftp incorrectly manage buffers.
PLATFORM:      HP9000 Series 700/800 running HP-UX releases 10.01, 10.10,
               10.20, 11.00, and 11.11.
DAMAGE:        Remote users could execute unauthorized code.
SOLUTION:      Apply the appropriate patch for the HP-UX release as prescribed
               by Hewlett-Packard.
_____________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. A problem exists with the ftp server glob()
ASSESSMENT:    function implementation.
_____________________________________________________________________________



I checked the FTP code and did not find this could be a problem on the
HPe3K.  I also verified this with the FTP/iX lab engineer.

Regards,

James Hofmeister
Hewlett Packard
Worldwide Technology Network Expert Center
P.S. My Ideals are my own, not necessarily my employer's.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
