SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   iChain Vendors:   Novell
Novell iChain Mini FTP Server Discloses Installation Path to Remote Users
SecurityTracker Alert ID:  1013407
SecurityTracker URL:  http://securitytracker.com/id/1013407
CVE Reference:   CVE-2005-0746   (Links to External Site)
Updated:  Nov 13 2006
Original Entry Date:  Mar 9 2005
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.3 and prior versions
Description:   A vulnerability was reported in Novell iChain in the Mini FTP Server. A remote user can determine the installation path.

If the Mini FTP server is enabled on the target iChain server and if access controls are not enabled for the FTP service, then a remote user can issue the FTP PWD command to display the working directory.

Impact:   A remote user can determine the installation path.
Solution:   The vendor has issued a fix as part of iChain 2.3 Support Pack 4 Interim Release 2 version 2.3.320.

The Novell advisories are available at:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096886.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974706.htm

Vendor URL:  support.novell.com/cgi-bin/search/searchtid.cgi?/2974706.htm (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC