[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cluster 04: VEN-HP
On Thu, Jun 17, 1999 at 03:09:25PM -0400, Steven M. Christey wrote: | Candidate: CAN-1999-0057 | Proposer: 001 | Assigned: 19990617 | Announced: 19990617 | Category: SF | Reference: SNI:SNI-19 | Reference: XF:vacation | Reference: HP:HPSBUX9811-087 | | Vacation program allows command execution by remote users through | a sendmail command. MODIFY Problem 1: SNI-19 is SNI-19.BSD.lpd.vulnerabilities update according to http://geek-girl.com/bugtraq/1997_4/0106.html Problem 2: Wording is unclear. Is this a vacation problem, a .vacation problem, or a sendmail problem? | Candidate: CAN-1999-0551 | Proposer: 001 | Assigned: 19990617 | Announced: 19990617 | Category: CF | Reference: HP:HPSBUX9804-078 | Reference: XF:hp-openmail | | HP OpenMail can be misconfigured to allow users to run arbitrary | commands using malicious print requests. Question: Is this run arbitrary commands as root...? I NOOP on the others in this subcluster.