[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cluster 02: VEN-AIX

ACCEPT all except:

| Proposer: 001
| Assigned: 19990617
| Announced: 19990617
| Category: SF
| Reference: ERS:ERS-SVA-E01-1997:009.1
| The AIX FTP client can be forced to execute commands from a malicious
| server through shell metacharacters, i.e. in files whose name begins with a
| pipe character.


The AIX ftp client will execute commands given to it as shell
metacharaters when connecting to a malicious ftp server.

Also, wasn't CVE-00113 (-froot) referenced in an IBM advisory, and
thus should be in this cluster?  I can't find the advisory, but I
remember having to panic patch a dozen AIX machines over a weekend,
and the advisory coming out on the next Monday or Tuesday.

Page Last Updated or Reviewed: May 22, 2007