[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
Re: Cluster 04: VEN-HP
On Thu, Jun 17, 1999 at 03:09:25PM -0400, Steven M. Christey wrote:
| Candidate: CAN-1999-0057
| Proposer: 001
| Assigned: 19990617
| Announced: 19990617
| Category: SF
| Reference: SNI:SNI-19
| Reference: XF:vacation
| Reference: HP:HPSBUX9811-087
|
| Vacation program allows command execution by remote users through
| a sendmail command.
MODIFY
Problem 1: SNI-19 is SNI-19.BSD.lpd.vulnerabilities update according
to http://geek-girl.com/bugtraq/1997_4/0106.html
Problem 2: Wording is unclear. Is this a vacation problem, a
.vacation problem, or a sendmail problem?
| Candidate: CAN-1999-0551
| Proposer: 001
| Assigned: 19990617
| Announced: 19990617
| Category: CF
| Reference: HP:HPSBUX9804-078
| Reference: XF:hp-openmail
|
| HP OpenMail can be misconfigured to allow users to run arbitrary
| commands using malicious print requests.
Question: Is this run arbitrary commands as root...?
I NOOP on the others in this subcluster.