Alcatel Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Apple Computer Inc. Not Affected

Notified:  January 16, 2003 Updated: January 20, 2003

Status

Not Affected

Vendor Statement

The currently-shipping FTP client for Mac OS X and Mac OS X Server does not contain the vulnerability described in this advisory.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

AT&T Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Avaya Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

BSDI Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cisco Systems Inc. Not Affected

Notified:  January 16, 2003 Updated: January 24, 2003

Status

Not Affected

Vendor Statement

All Cisco software which is not based on a variant of Unix is not affected by this vulnerability. This list includes but is not limited to Cisco IOS, CatOS and PIX software. Cisco products which run on a customer supplied Unix or Linux based platform should check with their operating system vendor to determine their vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Compaq Computer Corporation Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Computer Associates Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Conectiva Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Inc. Not Affected

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Not Affected

Vendor Statement

Cray Inc. is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Data General Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Engarde Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F5 Networks Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeBSD Not Affected

Notified:  January 16, 2003 Updated: January 21, 2003

Status

Not Affected

Vendor Statement

FreeBSD is not affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Not Affected

Notified:  January 16, 2003 Updated: January 28, 2003

Status

Not Affected

Vendor Statement

Source: Hewlett-Packard Company Software Security Response Team cross reference id: SSRT3456 HP-UX - not vulnerable HP-MPE/ix - not vulnerable HP Tru64 UNIX - not vulnerable HP OpenVMS - not vulnerable HP NonStop Servers - not vulnerable To report potential security vulnerabilities in HP software, send an E-mail message to: mailto:security-alert@hp.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hitachi Not Affected

Notified:  January 16, 2003 Updated: January 24, 2003

Status

Not Affected

Vendor Statement

GR2000 router is not vulnerable described by this notice.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM Not Affected

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Not Affected

Vendor Statement

The ftp client in IBM's AIX operating system is not vulnerable to this issue. The ftp client does not allow files beginning with pipe symbols ("|") to be retrieved. In this case,the client will return an error message.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Ingrian Networks Not Affected

Notified:  January 16, 2003 Updated: January 17, 2003

Status

Not Affected

Vendor Statement

Ingrian Networks has determined that no Ingrian platforms are vulnerable to this attack.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intel Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Juniper Networks Not Affected

Notified:  January 16, 2003 Updated: January 20, 2003

Status

Not Affected

Vendor Statement

Juniper has determined that none of our platforms are affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lachman Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lotus Software Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lucent Technologies Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MandrakeSoft Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Microsoft Corporation Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MIT Kerberos Development Team Affected

Notified:  January 17, 2003 Updated: January 24, 2003

Status

Affected

Vendor Statement

By inspection of the code, MIT krb5 releases up to and including krb5-1.2.7 appear to be vulnerable. Our development sources also appear to be vulnerable. We will be working on a patch.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MontaVista Software Not Affected

Notified:  January 16, 2003 Updated: January 20, 2003

Status

Not Affected

Vendor Statement

MontaVista Software's Linux products are not vulnerable to this problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Multinet Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Multi-Tech Systems Inc. Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD Not Affected

Notified:  January 16, 2003 Updated: January 24, 2003

Status

Not Affected

Vendor Statement

The FTP client shipped with currently supported versions of NetBSD is not vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Netscreen Not Affected

Notified:  January 16, 2003 Updated: January 24, 2003

Status

Not Affected

Vendor Statement

NetScreen is not vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Network Appliance Not Affected

Notified:  January 16, 2003 Updated: January 20, 2003

Status

Not Affected

Vendor Statement

NetApp products are not affected by this.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NeXT Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nokia Not Affected

Notified:  January 16, 2003 Updated: January 24, 2003

Status

Not Affected

Vendor Statement

Nokia IP Security Platforms based on the IPSO operating system are not susceptible to this vulnerability. Nokia Small Office Products do not contain an ftp client and so are not susceptible to this vulnerability. Nokia VPN products do not contain FTP client or server, and the AlchemyOS operating system does not allow for piping. Nokia VPN products are not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Openwall GNU/*/Linux Not Affected

Notified:  January 16, 2003 Updated: January 20, 2003

Status

Not Affected

Vendor Statement

The "lftp" client used on Openwall GNU/*/Linux doesn't have the vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Oracle Corporation Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Redback Networks Inc. Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc. Affected

Notified:  January 16, 2003 Updated: February 03, 2003

Status

Affected

Vendor Statement

Red Hat has audited the various ftp clients distributed as part of Red Hat Linux. The ftp client that ships as part of the Kerberos 5 packages (krb5-workstation) is vulnerable to these issues. Updated packages are now available along with our advisory at the URL below. Users of Red Hat can update their systems using the 'up2date' tool. http://rhn.redhat.com/errata/RHSA-2003-020.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Riverstone Networks Not Affected

Notified:  January 16, 2003 Updated: January 17, 2003

Status

Not Affected

Vendor Statement

Riverstone Networks does not provide an FTP client and is not vulnerable to this problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Corporation Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc. Affected

Notified:  January 16, 2003 Updated: January 24, 2003

Status

Affected

Vendor Statement

This issue was addressed in Solaris 7 and patched in earlier releases. Thus this issue does not affect Solaris 7, 8 and 9. The only affected and supported version of Solaris is 2.6 with the following patches available: 106522-01 or later (SPARC) and 106523-01 or later (x86). Sun will be publishing a Sun Alert available from the following location for this issue: http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/50222

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SuSE Inc. Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The SCO Group (SCO Linux) Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The SCO Group (SCO UnixWare) Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wind River Systems Inc. Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wirex Unknown

Notified:  January 16, 2003 Updated: January 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xerox Corporation Affected

Notified:  January 16, 2003 Updated: May 30, 2003

Status

Affected

Vendor Statement

A response to this vulnerability is available from our web site: http://www.xerox.com/security.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

View all 55 vendors View less vendors