IBM FTPD Local Information Disclosure Vulnerability
BID:21941
Info
| Bugtraq ID: | 21941 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 08 2007 12:00AM |
| Updated: | Jan 09 2007 01:07AM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: | IBM AIX 5.3 |
| Not Vulnerable: | |
Discussion
IBM FTPD is prone to a local information-disclosure vulnerability that arises because of a design error.
A successful attack can allow a local attacker to gain access to the passwords for the 'puseronly' and 'pgrouponly' password-protected anonymous users.
IBM AIX 5.3.0.30 and later versions are reported vulnerable to this issue.
Exploit / POC
An attacker needs local interactive access to exploit this issue.
Solution / Fix
Solution:
IBM has released fixes to address this issue; please see the reference section for details.
IBM AIX 5.3
- IBM ftpd2_ifix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/ftpd2_ifix.tar.Z
- IBM IY89168
  http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html