Bugtraq mailing list archives
Re: Security Bulletins Digest
From: jlangseth () ESISYS COM (Jacob Langseth)
Date: Thu, 23 Jul 1998 16:52:46 -0400
HEWLETT-PACKARD SECURITY BULLETIN: #00079 23 July 1998
[...]
------------------------------------------------------------------------- PROBLEM: ftp client interprets server provided filenames which can cause commands to be run on the client. PLATFORM: HP9000 series 700/800, HP-UX releases 9.X, 10.X, and 11.00 DAMAGE: Local users can increase their privileges
Come again? It opens up affected clients to remote compromise, but how is it supposed to increase their privileges since the client is running in the context of the user being affected? -- Jacob Langseth <jlangseth () esisys com> Enhanced Systems, Inc.
Current thread:
- Re: Security Bulletins Digest Jacob Langseth (Jul 23)