Updated: October 11, 2000
HP is vulnerable. Please see: HPSBUX0007-117: Sec. Vulnerability in ftpd, **Rev.01**

HEWLETT-PACKARD COMPANY SECURITY ADVISORY: #00117, 11 July '00
Last Revised: 12 July '00

An excerpt:

PROBLEM:      The ftp server (ftpd) on HP-UX allows users root access.
PLATFORM:     HP-UX release 11.00 - Both Problem #1 and #2 below;
              HP-UX release 10.20 - Problem #2, setproctitle(), only
DAMAGE:       Unauthorized root access.
SOLUTION:     Install temporary binary until an official patch is released.
AVAILABILITY: The temporary binary is available now (see below).

A. Background

There are 2 problems with FTP Server (ftpd) on HP-UX.

1. ftpd's handling of the SITE EXEC command allows remote users to gain root access. This is possible in the default configuration of ftpd on HP-UX 11.00 ONLY.

2. ftpd does not properly format the parameters to the setproctitle() function, allowing users to gain root access. This problem applies to both 11.00 and 10.X.

B. Fixing the problem

All system administrators are encouraged to install our temporary binary until an official patch is released. The file can be retrieved to simply replace the original factory supplied binary.

C. Recommended solution

Two temporary ftp binaries (for HP-UX 11.00 and HP-UX 10.20) can be found at:
ftp://ftp.cup.hp.com/dist/networking/ftp/ftpd.11.0

--->>> These are to be installed in /usr/lbin/ftpd, with permissions 544.

NOTE: This advisory [HPSBUX0007-117] will be updated when patches become available.

Copyright © 2000 Hewlett-Packard Company
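Problem #2 above is a format-string defect: text that a remote user controls reaches a printf-style function (here setproctitle()) in the format-string position, so `%` directives in the user's input are interpreted instead of being copied. The following C program is an added illustration of that bug class and its fix; it is not HP's ftpd code nor the wu-ftpd source, and it assumes a hypothetical `set_title()` stand-in for setproctitle() that writes into a fixed buffer with vsnprintf(). The input string is constructed for the demonstration; it uses only `%%`, which is harmless but still shows the two code paths behaving differently.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for setproctitle(): a printf-style variadic
 * function that formats the process title into a fixed buffer.
 * Not the real HP-UX/wu-ftpd implementation. */
#define TITLE_MAX 128
static char proc_title[TITLE_MAX];

static void set_title(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(proc_title, sizeof proc_title, fmt, ap);
    va_end(ap);
}

/* VULNERABLE pattern: the title is first built from user-controlled text
 * and then handed to set_title() as its FORMAT argument, so any '%'
 * directive the user sent is interpreted. With "%x", "%s" or "%n" this
 * reads or writes memory the caller never intended to expose. */
const char *title_vulnerable(const char *user_supplied)
{
    char buf[TITLE_MAX];
    snprintf(buf, sizeof buf, "ftpd: %s", user_supplied);
    set_title(buf);          /* BUG: user text used as the format string */
    return proc_title;
}

/* FIXED pattern: a constant format string; user text is only ever a %s
 * argument and is copied verbatim, directives and all. */
const char *title_fixed(const char *user_supplied)
{
    set_title("ftpd: %s", user_supplied);
    return proc_title;
}

int main(void)
{
    /* Constructed input: "%%" is the one directive that is safe to let a
     * vulnerable formatter consume, and it visibly collapses to "%". */
    const char *input = "user 100%% done";

    printf("vulnerable: %s\n", title_vulnerable(input));
    printf("fixed:      %s\n", title_fixed(input));
    return 0;
}
```

Compiling with `-Wformat-security` flags the `set_title(buf)` call only if `set_title` carries `__attribute__((format(printf, 1, 2)))`; adding that attribute to any in-house printf-style wrapper is the cheapest way to catch this pattern across a code base.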
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.