CVE-2005-0746 - The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attac

CVE-2005-0746

Summary

The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command.

References

Vulnerable Configurations

cpe:2.3:a:novell:ichain:2.2:*:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.2:*:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.2:sp1:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.2:sp1:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.2:sp1a:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.2:sp1a:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.2:sp2:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.2:sp2:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.2:sp3:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.2:sp3:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.2.113:*:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.2.113:*:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.3:*:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.3:*:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.3:sp2:*:*:*:*:*:*
cpe:2.3:a:novell:ichain:2.3:sp2:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	12766
bugtraq	20050315 [ISR] - Novell iChain Mini FTP Server Unauthorized Remote Path Disclosure Vulnerability
confirm	http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096886.htm
misc	http://www.infobyte.com.ar/adv/ISR-03.html
sectrack	1013407
secunia	14537
xf	ichain-path-disclosure(19643)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32