Plugin 11372

["Nelson, C.M." <cmn@leicester.ac.uk>]

Plugin 11372 reports this about a Mac OS X ftp sever:

"Buffer overflow in FTP server in HPUX 11 and previous allows remote
attackers to execute arbitrary commands by creating a long pathname and
calling the STAT command  which uses glob to generate long strings. ***
Nessus reports this vulnerability using only *** information that was
gathered. Use caution *** when testing without safe checks enabled."

(Nessus identifies the target as Mac OS X 10.4.7, the ftp banner says
Mac OS X Server 10.5.5, however, the plugin refers to HPUX 11). Do HPUX
and Mac OS X ftp servers have the same possible vulnerability or should
this plugin alert be ignored for Mac OS X?

--
Carl Nelson
Distributed Systems Support Section, Computer Centre, University of
Leicester, Leicester, LE1 7RH, U.K.
Tel: +44 (0)116 252 2060, Fax: +44 (0)116 252 5027
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus