exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

007

007
Posted Sep 23, 1999

007

SHA-256 | d0063de68e12b42879c643fa34a8f290d77bcaeccfb616d2808b6c57e5c4feb9

007

Change Mirror Download
From support@us.external.hp.com Wed Mar 13 01:01:06 1996
Date: Wed, 13 Mar 1996 01:08:58 -0800
From: HPSL Mail Service <support@us.external.hp.com>
Reply to: support-feedback@us.external.hp.com
To: Damien Sorder <jericho@netcom.com>
Subject: RE: send doc HPSBUX9404-007

--------
## Regarding your request:
Send Doc HPSBUX9404-007

The following are the results of your request from the HP SupportLine mail
service.

===============================================================================
Document Id: [HPSBUX9404-007]
Date Loaded: [04-23-94]

Description: HP-UX does not have ftpd SITE EXEC vulnerability
===============================================================================

-----------------------------------------------------------------------
HEWLETT-PACKARD SECURITY BULLETIN: #00007, 22 April 94
******** ADVISORY ONLY ********
-----------------------------------------------------------------------

_______________________________________________________________________
ISSUE: Ftpd SITE EXEC security problem announced by CIAC,CERT
PLATFORM: All HP-UX systems
STATUS: NOT present on HP-UX.
ADVICE: Continue to use ftpd distributed with HP-UX.
_______________________________________________________________________


I. ftpd

A. Nature of the Problem

Recent announcements by CIAC (E-17) and CERT (CA-94:08) warned
of a potential danger caused by the SITE EXEC command used on
ftpd programs. If the ftpd had improper permissions, this
command could allow an intruder to execute commands on the
system with unauthorized privileges. Such an intrusion could
lead to super-user privileges.

B. Status of HP-UX

HP-UX ftpd does NOT currently allow a SITE EXEC command, so
this security threat does NOT exist.

Some HP-UX users may have chosen to run the non-HP
version of ftpd available from source archives such
as the wuarchive. These ftpds may be vulnerable and
these users should heed the CIAC/CERT warnings.

C. Recommended Actions

HP-UX users should continue to use the ftpd distributed
with the release tapes or provided in official HP-UX patches.


Appendix A. Contacting CERT

1. For complete details on CERT, use anonymous ftp to retrieve
~pub/cert_faq from cert.org. The advisory mentioned above
can be retreived using anonymous ftp to cert.org: it is kept
in ~pub/cert_advisories/CA-94:08.ftpd.vulnerabilities.

2. Write to cert@cert.org.

3. Call 1 412-268-7090 (24-hour hotline)


Appendix B. Contacting CIAC (US Dept of Energy)

1. Call 510-422-8193
2. Write to ciac@llnl.gov.
3. Subscribe to mailing lists, by sending body text containing:
subscribe CIAC-BULLETIN Full_Name Phone_number
to ciac-listproc@llnl.gov.

-----------------------------------------------------------------------
To subscribe to automatically receive NEW future HP Security Bulletins
from the HP SupportLine mail service via electronic mail, send the
following in the TEXT PORTION OF THE MESSAGE to
support@support.mayfield.hp.com (no Subject is required):

subscribe security_info

To retrieve the index of all HP Security Bulletins, send the following:

send security_info_list

To obtain a copy of the HP SupportLine mail service user's guide,
send the following to support@support.mayfield.hp.com:

send guide.txt


For security concerns, write to:

security-alert@hp.com

-----------------------------------------------------------------------
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close