Computer Security
[EN] securityvulns.ru no-pyccku


HP-UX unauthorized access with ftp server
Published:15.08.2008
Source:
SecurityVulns ID:9226
Type:remote
Threat Level:
7/10
Affected:HP : HP-UX 11.11
CVE:CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.)
Original documentdocumentHP, [security bulletin] HPSBUX02356 SSRT080051 rev.1 - HP-UX Running ftpd, Remote Privileged Access (15.08.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod