Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security Bulletins Digest

From: jlangseth () ESISYS COM (Jacob Langseth)
Date: Thu, 23 Jul 1998 16:52:46 -0400


        HEWLETT-PACKARD SECURITY BULLETIN: #00079  23 July 1998

[...]

-------------------------------------------------------------------------
PROBLEM: ftp client interprets server provided filenames which can
         cause commands to be run on the client.

PLATFORM: HP9000 series 700/800, HP-UX releases 9.X, 10.X, and 11.00

DAMAGE:   Local users can increase their privileges


Come again?  It opens up affected clients to remote compromise,
but how is it supposed to increase their privileges since the client
is running in the context of the user being affected?

--
Jacob Langseth <jlangseth () esisys com>
Enhanced Systems, Inc.
Previous By Date Next
Previous By Thread Next

Current thread: