HP MPE/iX FTPSRVR Arbitrary Shell Command Execution Vulnerability

MPE/iX is an Internet-ready operating system for the HP e3000 class servers.

Under some conditions, a user with access to the FTP server may be able to execute commands on an MPE/iX server. Because the FTP server does not sufficiently check input supplied by FTP users, arbitrary commands can be passed embedded in the argument to LIST. This could allow a user without regular shell access to the host to gain such access.


 

Copyright 2010, SecurityFocus