CVE-2005-0746
CVSS5.0
发布时间 :2005-05-02 00:00:00
修订时间 :2016-10-17 23:14:07
NMCOS    

[原文]The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command.


[CNNVD]Novell iChain Mini FTP Server非授权远程路径泄漏漏洞(CNNVD-200505-438)

        Novell iChain是一款集成的安全解决方案,可以有效的控制对网络资源的访问。Novell iChain Mini FTP Server允许未经认证就执行PWD命令,从而导致路径信息泄露。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:novell:ichain:2.2Novell iChain 2.2
cpe:/a:novell:ichain:2.2:sp1a
cpe:/a:novell:ichain:2.3Novell iChain 2.3
cpe:/a:novell:ichain:2.2:sp1
cpe:/a:novell:ichain:2.3:sp2
cpe:/a:novell:ichain:2.2:sp2
cpe:/a:novell:ichain:2.2:sp3
cpe:/a:novell:ichain:2.2.113

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0746
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0746
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-438
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=111091102023359&w=2
(UNKNOWN)  BUGTRAQ  20050315 [ISR] - Novell iChain Mini FTP Server Unauthorized Remote Path Disclosure Vulnerability
http://securitytracker.com/id?1013407
(UNKNOWN)  SECTRACK  1013407
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096886.htm
(UNKNOWN)  CONFIRM  http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096886.htm
http://www.infobyte.com.ar/adv/ISR-03.html
(UNKNOWN)  MISC  http://www.infobyte.com.ar/adv/ISR-03.html
http://www.securityfocus.com/bid/12766
(UNKNOWN)  BID  12766
http://xforce.iss.net/xforce/xfdb/19643
(UNKNOWN)  XF  ichain-path-disclosure(19643)

- 漏洞信息

Novell iChain Mini FTP Server非授权远程路径泄漏漏洞
中危 访问验证错误
2005-05-02 00:00:00 2005-10-20 00:00:00
远程  
        Novell iChain是一款集成的安全解决方案,可以有效的控制对网络资源的访问。Novell iChain Mini FTP Server允许未经认证就执行PWD命令,从而导致路径信息泄露。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096886.htm

- 漏洞信息

14620
Novell iChain Mini FTP Server PWD Command Path Disclosure

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-03-08 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Novell iChain Mini FTP Server Unauthorized Remote Path Disclosure Vulnerability
Access Validation Error 12766
Yes No
2005-03-09 12:00:00 2009-07-12 10:56:00
This issue was reported by the vendor.

- 受影响的程序版本

Novell iChain Server 2.3 SP2
Novell iChain Server 2.3
Novell iChain Server 2.2.113
Novell iChain Server 2.2 SP3
Novell iChain Server 2.2 SP2
Novell iChain Server 2.2 SP1
Novell iChain Server 2.2 FP1a
Novell iChain Server 2.2 FP1
Novell iChain Server 2.2

- 漏洞讨论

Novell iChain Mini FTP server is reported prone to a remote path disclosure vulnerability.

This issue can allow an unauthorized attacker to disclose the iChain FTP server path.

The information gathered through the exploitation of this issue may aid in other attacks against a vulnerable computer.

Novell iChain 2.2, 2.3, and .3 Support Pack 2 are reported vulnerable.

- 漏洞利用

An exploit is not required.

- 解决方案

Novell has released Technical Information Document 10096886 to address this issue. Please see the document in Web references for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站