> HEWLETT-PACKARD SECURITY BULLETIN: #00079 23 July 1998 [...] > ------------------------------------------------------------------------- > PROBLEM: ftp client interprets server provided filenames which can > cause commands to be run on the client. > > PLATFORM: HP9000 series 700/800, HP-UX releases 9.X, 10.X, and 11.00 > > DAMAGE: Local users can increase their privileges Come again? It opens up affected clients to remote compromise, but how is it supposed to increase their privileges since the client is running in the context of the user being affected? -- Jacob Langseth <jlangsethat_private> Enhanced Systems, Inc.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:45 PDT