Re: Cluster 02: VEN-AIX

To: "Steven M. Christey" <coley@linus.mitre.org>, cve-review@linus.mitre.org
Subject: Re: Cluster 02: VEN-AIX
From: Adam Shostack <adam@netect.com>
Date: Fri, 18 Jun 1999 11:28:27 -0400
In-Reply-To: <199906171906.PAA16449@basie.mitre.org>; from Steven M. Christey on Thu, Jun 17, 1999 at 03:06:11PM -0400
References: <199906171906.PAA16449@basie.mitre.org>
Reply-To: adam@netect.com

ACCEPT all except:

| Proposer: 001
| Assigned: 19990617
| Announced: 19990617
| Category: SF
| Reference: ERS:ERS-SVA-E01-1997:009.1
| 
| The AIX FTP client can be forced to execute commands from a malicious
| server through shell metacharacters, i.e. in files whose name begins with a
| pipe character.

MODIFY:

The AIX ftp client will execute commands given to it as shell
metacharaters when connecting to a malicious ftp server.



-------------------
Also, wasn't CVE-00113 (-froot) referenced in an IBM advisory, and
thus should be in this cluster?  I can't find the advisory, but I
remember having to panic patch a dozen AIX machines over a weekend,
and the advisory coming out on the next Monday or Tuesday.

Follow-Ups:
- Re: Cluster 02: VEN-AIX
  - From: Gene Spafford <spaf@cs.purdue.edu>

References:
- Cluster 02: VEN-AIX
  - From: "Steven M. Christey" <coley@linus.mitre.org>

Prev by Date: Re: Cluster 06: VEN-others
Next by Date: Re: Cluster 02: VEN-AIX
Prev by thread: Cluster 02: VEN-AIX
Next by thread: Re: Cluster 02: VEN-AIX
Index(es):
- Date
- Thread

Page Last Updated: May 22, 2007

Common Vulnerabilities and Exposures

Re: Cluster 02: VEN-AIX