Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   iChain Vendors:   Novell
Novell iChain Mini FTP Server Discloses Installation Path to Remote Users
SecurityTracker Alert ID:  1013407
SecurityTracker URL:
CVE Reference:   CVE-2005-0746   (Links to External Site)
Updated:  Nov 13 2006
Original Entry Date:  Mar 9 2005
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.3 and prior versions
Description:   A vulnerability was reported in Novell iChain in the Mini FTP Server. A remote user can determine the installation path.

If the Mini FTP server is enabled on the target iChain server and if access controls are not enabled for the FTP service, then a remote user can issue the FTP PWD command to display the working directory.

Impact:   A remote user can determine the installation path.
Solution:   The vendor has issued a fix as part of iChain 2.3 Support Pack 4 Interim Release 2 version 2.3.320.

The Novell advisories are available at:

Vendor URL: (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC