On Dec 7, 2006, at 3:17 PM, Nelson, C.M. wrote:
Plugin 11372 reports this about a Mac OS X ftp server:

"Buffer overflow in FTP server in HPUX 11 and previous allows remote
attackers to execute arbitrary commands by creating a long pathname and
calling the STAT command which uses glob to generate long strings.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled."

(Nessus identifies the target as Mac OS X 10.4.7, the ftp banner says
Mac OS X Server 10.5.5, however, the plugin refers to HPUX 11). Do HPUX
and Mac OS X ftp servers have the same possible vulnerability or should
this plugin alert be ignored for Mac OS X?

I see what could cause an FP. I disabled the safe checks for the
moment until we find a better way to do that.
Thanks,
Nicolas
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus