[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cluster 02: VEN-AIX
ACCEPT all except: | Proposer: 001 | Assigned: 19990617 | Announced: 19990617 | Category: SF | Reference: ERS:ERS-SVA-E01-1997:009.1 | | The AIX FTP client can be forced to execute commands from a malicious | server through shell metacharacters, i.e. in files whose name begins with a | pipe character. MODIFY: The AIX ftp client will execute commands given to it as shell metacharaters when connecting to a malicious ftp server. ------------------- Also, wasn't CVE-00113 (-froot) referenced in an IBM advisory, and thus should be in this cluster? I can't find the advisory, but I remember having to panic patch a dozen AIX machines over a weekend, and the advisory coming out on the next Monday or Tuesday.