Plugin 11372 reports this about a Mac OS X ftp server: "Buffer overflow in FTP server in HPUX 11 and previous allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command which uses glob to generate long strings. *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled."
(Nessus identifies the target as Mac OS X 10.4.7 and the ftp banner says Mac OS X Server 10.5.5; however, the plugin refers to HPUX 11.) Do HPUX and Mac OS X ftp servers have the same possible vulnerability, or should this plugin alert be ignored for Mac OS X?

--
Carl Nelson
Distributed Systems Support Section, Computer Centre,
University of Leicester, Leicester, LE1 7RH, U.K.
Tel: +44 (0)116 252 2060, Fax: +44 (0)116 252 5027
