Re: Cluster 02: VEN-AIX
ACCEPT all except:
| Proposer: 001
| Assigned: 19990617
| Announced: 19990617
| Category: SF
| Reference: ERS:ERS-SVA-E01-1997:009.1
| The AIX FTP client can be forced to execute commands from a malicious
| server through shell metacharacters, i.e. in files whose name begins with a
| pipe character.
The AIX ftp client will execute commands given to it as shell
metacharaters when connecting to a malicious ftp server.
Also, wasn't CVE-00113 (-froot) referenced in an IBM advisory, and
thus should be in this cluster? I can't find the advisory, but I
remember having to panic patch a dozen AIX machines over a weekend,
and the advisory coming out on the next Monday or Tuesday.