Notified: March 28, 2001 Updated: April 09, 2001
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: May 16, 2001
Unknown
Mac OS X 10.0.2 and later include a fix for File Globbing vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 09, 2001
Unknown
COMPAQ COMPUTER CORPORATION x-ref: Compaq case id - SSRT1-83 At the time of writing this document, Compaq is currently investigating the potential impact to Compaq's ftp service. Initial tests indicate Compaq's ftp service is not vulnerable. As further information becomes available Compaq will provide notice of the completion/availibility of any necessary patches through AES services (DIA,DSNlink FLASH and posted to the Services WEB page) and be available from your normal Compaq Services Support channel. COMPAQ COMPUTER CORPORATION
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Affected
FreeBSD is vulnerable to the glob-related bugs. We have corrected these bugs in FreeBSD 5.0-CURRENT and FreeBSD 4.2-STABLE, and they will not be present in FreeBSD 4.3-RELEASE.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Affected
[...] we have determined that the versions of UXP/V shown below are vulnerable. Patches are being prepared and will be assigned the patch numbers also shown below: OS Version,PTF level patch ID UXP/V V20L10 X01021 UX28161 UXP/V V20L10 X00091 UX28160 UXP/V V10L20 X01041 UX15527
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: May 09, 2001
Affected
As originally stated in the NAI Covert labs Advisory, HP is vulnerable. We will be releasing four patches, one each for Pre 10.20, 10.20 , 11.00 and 11.11. Watch for the associated HP security Bulletin announcing the patches when coding and testing is successfully completed.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Not Affected
[...] we have not found the described vulnerabilities to exist in the AIX versions of glob as used in the ftp daemon.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 09, 2001
Affected
Please be aware that as of March 29, 2001, NetBSD has a fix for both the glob resource consumption (via an application controlled GLOB_LIMIT flag) and the buffer overflow (always enforced). These fixes should work on any 4.4BSD derived glob(3).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
NAI reports that OpenBSD is vulnerable. See http://www.pgp.com/research/covert/advisories/048.asp#Vulnerable%20Systems
Notified: April 10, 2001 Updated: April 11, 2001
Not Affected
publicfile has none of these bugs, deliberately avoids globbing, and has never used any ftpd-derived code. See http://cr.yp.to/publicfile.html.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Unknown
SGI SGI acknowledges the vulnerability reported by NAI COVERT Labs and is currently investigating. No further information is available at this time. As further information becomes available, additional advisories will be issued via the normal SGI security information distribution methods including the wiretap mailing list and http://www.sgi.com/support/security/ For the protection of all our customers, SGI does not disclose, discuss or confirm vulnerabilities until a full investigation has occurred and any necessary patch(es) or release streams are available for all vulnerable and supported IRIX operating systems. Until SGI has more definitive information to provide, customers are encouraged to assume all security vulnerabilities as exploitable and take appropriate steps according to local site security policies and requirements.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: July 29, 2001
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
NAI has reported that Sun is vulnerable. See http://www.pgp.com/research/covert/advisories/048.asp#Vulnerable%20Systems Additionally, it appears that Sun has provided a patch for this problem, available at http://sunsolve.Sun.COM/pub-cgi/findPatch.pl?patchId=110646&rev=02.
Notified: March 28, 2001 Updated: April 09, 2001
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 28, 2001 Updated: April 09, 2001
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
At the present time, the CERT/CC does not believe wu-ftpd is affected by this problem.