| Field | Value |
| --- | --- |
| VID | 16009 |
| Severity | 40 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description | Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command. By issuing format strings as the argument to the PASS ftp command, it is possible to overwrite values on the stack. Additionally, by passing the proper arguments, it is possible to conduct an attack similar to a traditional buffer overflow. Platforms Affected: HP HP-UX 10.20 |
| Recommendation | Install the temporary binary until an official patch is released. Two temporary ftp binaries (for HP-UX 11.00 and HP-UX 10.20) can be found at: ftp://ftp.cup.hp.com/dist/networking/ftp/ftpd.11.0 ftp://ftp.cup.hp.com/dist/networking/ftp/ftpd.10.20 |
| Related URL | CVE-2000-0699 (CVE) |
| Related URL | 1560 (SecurityFocus) |
| Related URL | (ISS) |