NcFTP Local Information Disclosure Vulnerability
BID:10182
Info
NcFTP Local Information Disclosure Vulnerability
| Bugtraq ID: | 10182 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 20 2004 12:00AM |
| Updated: | Apr 20 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Konstantin Gavrilenko <[email protected]>. |
| Vulnerable: |
NcFTP Software NcFTP 3.1.7 NcFTP Software NcFTP 3.1.6 NcFTP Software NcFTP 3.1.5 NcFTP Software NcFTP 3.1.4 NcFTP Software NcFTP 3.1.3 NcFTP Software NcFTP 3.1.2 NcFTP Software NcFTP 3.1.1 NcFTP Software NcFTP 3.1 .0 NcFTP Software NcFTP 3.0.4 NcFTP Software NcFTP 3.0.3 NcFTP Software NcFTP 3.0.2 NcFTP Software NcFTP 3.0.1 NcFTP Software NcFTP 3.0 .0 |
| Not Vulnerable: | |
Discussion
NcFTP Local Information Disclosure Vulnerability
NcFTP has been reported prone to a local information disclosure vulnerability. The issue presents itself because the NcFTP client does not correctly obfuscate arguments that are passed to the client software. If NcFTP client has been launched with an ftp site URI as an argument, this argument will be visible in the 'ps -aux' process list.
NcFTP has been reported prone to a local information disclosure vulnerability. The issue presents itself because the NcFTP client does not correctly obfuscate arguments that are passed to the client software. If NcFTP client has been launched with an ftp site URI as an argument, this argument will be visible in the 'ps -aux' process list.
Exploit / POC
NcFTP Local Information Disclosure Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
NcFTP Local Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
NcFTP Local Information Disclosure Vulnerability
References:
References:
- NcFTP Home Page (NcFTP Software)
- NcFTP - password leaking (Konstantin Gavrilenko
)