Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!usc!ucsd!ucbvax!hplabs!hp-ses!jmc
From: jmc@hp-ses.SDE.HP.COM (Jerry McCollom)
Newsgroups: comp.sys.hp
Subject: Re: Security holes in HP-UX
Message-ID: <920049@hp-ses.SDE.HP.COM>
Date: 18 Jan 90 15:18:09 GMT
References: <6017@cps3xx.UUCP>
Organization: HP SW Engineering Systems - Palo Alto, CA
Lines: 15


This may be a known security problem with the 6.2 ftpd which does indeed
have a patch available.  See your SE about getting a patch for the 6.2
ftpd.

>        There are no list of security holes in HPUX (such things do not
>        exist ... security holes, I mean :-) Anyway, what I would
>        recommend here is that you remove . from your root PATH variable
>        (if you have it in) as this a known "feature".

Your SE will know of patches and workarounds to known security problems.
Having . in your PATH would not explain an ftp security hole.

Jerry McCollom
Hewlett Packard, Colorado Networks Division