Re: Security Bulletins Digest

From: Jacob Langseth (jlangsethat_private)
Date: Thu Jul 23 1998 - 13:52:46 PDT

Next message: Benoit Lefebvre: "Re: Backdoor in ircN, popular mIRC script."

Previous message: Nick Koscianski: "Backdoor in ircN, popular mIRC script."
Maybe in reply to: vtmueat_private-FREIBURG.DE: "Security Bulletins Digest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>         HEWLETT-PACKARD SECURITY BULLETIN: #00079  23 July 1998
[...]
> -------------------------------------------------------------------------
> PROBLEM: ftp client interprets server provided filenames which can
>          cause commands to be run on the client.
>
> PLATFORM: HP9000 series 700/800, HP-UX releases 9.X, 10.X, and 11.00
>
> DAMAGE:   Local users can increase their privileges

Come again?  It opens up affected clients to remote compromise,
but how is it supposed to increase their privileges since the client
is running in the context of the user being affected?

--
Jacob Langseth <jlangsethat_private>
Enhanced Systems, Inc.

Next message: Benoit Lefebvre: "Re: Backdoor in ircN, popular mIRC script."
Previous message: Nick Koscianski: "Backdoor in ircN, popular mIRC script."
Maybe in reply to: vtmueat_private-FREIBURG.DE: "Security Bulletins Digest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:45 PDT