|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cluster 02: VEN-AIX
- To: "Steven M. Christey" <coley@linus.mitre.org>, cve-review@linus.mitre.org
- Subject: Re: Cluster 02: VEN-AIX
- From: Adam Shostack <adam@netect.com>
- Date: Fri, 18 Jun 1999 11:28:27 -0400
- In-Reply-To: <199906171906.PAA16449@basie.mitre.org>; from Steven M. Christey on Thu, Jun 17, 1999 at 03:06:11PM -0400
- References: <199906171906.PAA16449@basie.mitre.org>
- Reply-To: adam@netect.com
ACCEPT all except: | Proposer: 001 | Assigned: 19990617 | Announced: 19990617 | Category: SF | Reference: ERS:ERS-SVA-E01-1997:009.1 | | The AIX FTP client can be forced to execute commands from a malicious | server through shell metacharacters, i.e. in files whose name begins with a | pipe character. MODIFY: The AIX ftp client will execute commands given to it as shell metacharaters when connecting to a malicious ftp server. ------------------- Also, wasn't CVE-00113 (-froot) referenced in an IBM advisory, and thus should be in this cluster? I can't find the advisory, but I remember having to panic patch a dozen AIX machines over a weekend, and the advisory coming out on the next Monday or Tuesday.
- Follow-Ups:
- Re: Cluster 02: VEN-AIX
- From: Gene Spafford <spaf@cs.purdue.edu>
- Re: Cluster 02: VEN-AIX
- References:
- Cluster 02: VEN-AIX
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Cluster 02: VEN-AIX
- Prev by Date: Re: Cluster 06: VEN-others
- Next by Date: Re: Cluster 02: VEN-AIX
- Prev by thread: Cluster 02: VEN-AIX
- Next by thread: Re: Cluster 02: VEN-AIX
- Index(es):