[15785] in bugtraq

Digital Unix/SCO/AIX & CERT Advisory CA-2000-13

daemon@ATHENA.MIT.EDU (Boyce, Nick)
Fri Jul 14 14:49:43 2000

Message-ID:  <C1B2296C5D3ED11182DB00805F9A097E01505DB6@GBHBM001>
Date:         Fri, 14 Jul 2000 14:43:51 +0100
Reply-To: "Boyce, Nick" <nick.boyce@EDS.COM>
From: "Boyce, Nick" <nick.boyce@EDS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

[ In case any other Digital Unix system admins out there are wondering ... ]

The CERT Advisory on the FTP Daemon "SITE EXEC" and "SetProcTitle" bugs
omitted any comment from Compaq about the vulnerability of Digital Unix's
FTP server (not to mention Ultrix ...)

I logged a call on Tuesday with Compaq to try to get an answer, and all they
have said so far is:

(a) The following comment was sent to CERT, but "missed the post"

	COMPAQ COMPUTER CORPORATION
	------------------------------

	At the time of writing this document, this reported problem is
	currently still under evaluation by engineering to determine the
	requirement of a solution if necessary. COMPAQ will
	provide an update to this advisory accordingly.

(b) "We are trying to determine what, if any, impact this may have on Tru64
Unix and TCP/IP for OpenVMS."

BTW: Does anyone know what the IBM AIX / SCO OpenServer / SCO Unixware
position is re these bugs?

Nick
Systems Team, EDS Healthcare, Bristol, UK
