mike@quench.lbl.gov (Michael Helm) (12/11/88)
Does anyone know if the recently-publicized "ftpd" security problems apply to HP-UX versions? If so, has HP or knowledgeable 3rd party made a solid port of the improved ftpd to HP-UX (I'm interested mainly in hp9000-3xx-ish, HPUX 6.x)? I'd appreciate hearing from anyone who knows more about this. Thanks, Michael Helm (Internet M_Helm@lbl.gov)
human@hpindda.HP.COM (Aaron Schuman) (12/13/88)
The patch to the ftp security defect is finished, tested, and available now. Your SE will be receiving a letter soon explaining the problem and the solution. He/she can provide you with the binary.
dunlap@apl-em.UUCP (John Dunlap) (12/14/88)
I would appreciate knowing if Wollongong has expunged from their Series 500 TCP/IP package the features that allowed the recent Internet worm access via sendmail and fingerd. How about the ftpd features that allow anonymous ftp to become super user? We are considering the purchase of above package and wonder how well it works. I would like to hear from anyone using Wollongong TCP/IP software on the series 500. Speed, reliability, system crashes, CPU load impact, support, satisfaction, etc. John Dunlap hpubvwa!apl-em!dunlap dunlap@slew.apl.washington.edu (206) 543 7207
bruce@hpcvra.HP.COM (Bruce Stephens) (12/15/88)
I hope everyone has already installed the fix, since I heard on NPR's "Morning Edition" program yesterday a description of how to take advantage of the bug. I doubt that I am the only person who heard the program. -- Bruce Stephens bruce%hp-pcd@hplabs