Novell iChain Mini FTP Server Remote Information Disclosure Vulnerability

Bugtraq ID:	12811
Class:	Boundary Condition Error
CVE:	CVE-2005-0797
Remote:	Yes
Local:	No
Published:	Mar 15 2005 12:00AM
Updated:	Jul 12 2009 10:56AM
Credit:	Discovery of this vulnerability is credited to "Francisco Amato" <[email protected]>.
Vulnerable:	Novell iChain Server 2.3 SP2 Novell iChain Server 2.3 Novell iChain Server 2.2.113 Novell iChain Server 2.2 SP3 Novell iChain Server 2.2 SP2 Novell iChain Server 2.2 SP1 Novell iChain Server 2.2 FP1a Novell iChain Server 2.2 FP1 Novell iChain Server 2.2
Not Vulnerable:

Novell iChain Mini FTP Server Remote Information Disclosure Vulnerability

Novell iChain Mini FTP server is reported prone to a remote information disclosure vulnerability. It is reported that during authentication the service responds with different messages based on valid or invalid usernames.

Information that is harvested in this manner may then be used to aid in further attacks.

Novell iChain Mini FTP Server Remote Information Disclosure Vulnerability

No exploit is required.

Novell iChain Mini FTP Server Remote Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Novell iChain Mini FTP Server Remote Information Disclosure Vulnerability

References:

• Novell Support (Novell)
  
• [ISR] - Novell iChain Mini FTP Server Valid User Disclosure Vulnerability ("Francisco Amato" )