Re: Cluster 04: VEN-HP

To: "Steven M. Christey" <coley@linus.mitre.org>, cve-review@linus.mitre.org
Subject: Re: Cluster 04: VEN-HP
From: Adam Shostack <adam@netect.com>
Date: Fri, 18 Jun 1999 09:28:41 -0400
In-Reply-To: <199906171909.PAA16460@basie.mitre.org>; from Steven M. Christey on Thu, Jun 17, 1999 at 03:09:25PM -0400
References: <199906171909.PAA16460@basie.mitre.org>
Reply-To: adam@netect.com

On Thu, Jun 17, 1999 at 03:09:25PM -0400, Steven M. Christey wrote:

| Candidate: CAN-1999-0057
| Proposer: 001
| Assigned: 19990617
| Announced: 19990617
| Category: SF
| Reference: SNI:SNI-19
| Reference: XF:vacation
| Reference: HP:HPSBUX9811-087
| 
| Vacation program allows command execution by remote users through
| a sendmail command.

MODIFY

Problem 1: SNI-19 is SNI-19.BSD.lpd.vulnerabilities update according
to http://geek-girl.com/bugtraq/1997_4/0106.html

Problem 2: Wording is unclear.  Is this a vacation problem, a
.vacation problem, or a sendmail problem?

| Candidate: CAN-1999-0551
| Proposer: 001
| Assigned: 19990617
| Announced: 19990617
| Category: CF
| Reference: HP:HPSBUX9804-078
| Reference: XF:hp-openmail
| 
| HP OpenMail can be misconfigured to allow users to run arbitrary
| commands using malicious print requests.

Question: Is this run arbitrary commands as root...?

I NOOP on the others in this subcluster.

References:
- Cluster 04: VEN-HP
  - From: "Steven M. Christey" <coley@linus.mitre.org>

Prev by Date: Administrivia
Next by Date: Re: Cluster 05: VEN-SGI
Prev by thread: Cluster 04: VEN-HP
Next by thread: Cluster 05: VEN-SGI
Index(es):
- Date
- Thread

Page Last Updated: May 22, 2007

Common Vulnerabilities and Exposures

Re: Cluster 04: VEN-HP