HP-UX 11.0 ftpd SITE EXEC Format String Vulnerability

info
discussion
exploit
solution
references

HP-UX 11.0 ftpd SITE EXEC Format String Vulnerability

The default installation of HP-UX 11.0 ftpd is vulnerable to a SITE EXEC format string attack, similar to the highly publicized wu-ftpd SITE EXEC vulnerability (BugTraq ID 1387). This attack can lead to a root compromise of the targeted host.