Oy...there goes the neighborhood. NetView is clean, but a bunch of
devices in the average network are likely to be vulnerable:
http://www.cert.org/advisories/CA-2002-03.html
I'm curious if anyone know how NetView got branded as not vulnerable
to trap format string attacks without the dependency on the security
e-Fix from 6.02 that came out in response to:
http://www.cert.org/advisories/CA-2001-24.html
Perhaps because that vulnerability only existed if you launched
external scripts in event processing forked by ovactiond?
--
Todd H.
http://www.toddh.net/