[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cluster 04: VEN-HP



On Thu, Jun 17, 1999 at 03:09:25PM -0400, Steven M. Christey wrote:

| Candidate: CAN-1999-0057
| Proposer: 001
| Assigned: 19990617
| Announced: 19990617
| Category: SF
| Reference: SNI:SNI-19
| Reference: XF:vacation
| Reference: HP:HPSBUX9811-087
| 
| Vacation program allows command execution by remote users through
| a sendmail command.

MODIFY

Problem 1: SNI-19 is SNI-19.BSD.lpd.vulnerabilities update according
to http://geek-girl.com/bugtraq/1997_4/0106.html

Problem 2: Wording is unclear.  Is this a vacation problem, a
.vacation problem, or a sendmail problem?

| Candidate: CAN-1999-0551
| Proposer: 001
| Assigned: 19990617
| Announced: 19990617
| Category: CF
| Reference: HP:HPSBUX9804-078
| Reference: XF:hp-openmail
| 
| HP OpenMail can be misconfigured to allow users to run arbitrary
| commands using malicious print requests.

Question: Is this run arbitrary commands as root...?

I NOOP on the others in this subcluster.

 
Page Last Updated: May 22, 2007