SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   iChain Vendors:   Novell
Novell iChain Mini FTP Server Does Not Limit Invalid Authentication Attempts
SecurityTracker Alert ID:  1013408
SecurityTracker URL:  http://securitytracker.com/id/1013408
CVE Reference:   CVE-2005-0798   (Links to External Site)
Updated:  Nov 13 2006
Original Entry Date:  Mar 9 2005
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.3 and prior versions
Description:   A vulnerability was reported in Novell iChain in the Mini FTP Server. The FTP service does not limit unsuccessful login attempts.

The MiniFTP server does not perform intruder detection or failed login lockout. If the MiniFTP server is enabled and access to the MiniFTP server is enabled, then a remote user can make unlimited login attempts without being locked out.

Impact:   A remote user can make unlimited, unsuccessful login attempts.
Solution:   The vendor has issued a fix as part of iChain 2.3 Support Pack 4 Interim Release 2 version 2.3.320.

The Novell advisories are available at:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096886.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974706.htm

Vendor URL:  support.novell.com/cgi-bin/search/searchtid.cgi?/2974706.htm (Links to External Site)
Cause:   State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC