[7371] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Security Bulletins Digest

daemon@ATHENA.MIT.EDU (Jacob Langseth)
Thu Jul 23 23:08:45 1998

Date: 	Thu, 23 Jul 1998 16:52:46 -0400
Reply-To: Jacob Langseth <jlangseth@ESISYS.COM>
From: Jacob Langseth <jlangseth@ESISYS.COM>
To: BUGTRAQ@NETSPACE.ORG

>         HEWLETT-PACKARD SECURITY BULLETIN: #00079  23 July 1998
[...]
> -------------------------------------------------------------------------
> PROBLEM: ftp client interprets server provided filenames which can
>          cause commands to be run on the client.
>
> PLATFORM: HP9000 series 700/800, HP-UX releases 9.X, 10.X, and 11.00
>
> DAMAGE:   Local users can increase their privileges

Come again?  It opens up affected clients to remote compromise,
but how is it supposed to increase their privileges since the client
is running in the context of the user being affected?

--
Jacob Langseth <jlangseth@esisys.com>
Enhanced Systems, Inc.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[7371] in bugtraq

Re: Security Bulletins Digest

daemon@ATHENA.MIT.EDU (Jacob Langseth)Thu Jul 23 23:08:45 1998

daemon@ATHENA.MIT.EDU (Jacob Langseth)
Thu Jul 23 23:08:45 1998