ID CVE-2005-3296
Summary The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
References
Vulnerable Configurations
  • HP HP-UX 10.20
    cpe:2.3:o:hp:hp-ux:10.20
  • HP-UX 11.00
    cpe:2.3:o:hp:hp-ux:11.00
  • HP-UX 11.11
    cpe:2.3:o:hp:hp-ux:11.11
CVSS
Base: 10.0 (as of 24-10-2005 - 09:07)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_23949.NASL
    description s700_800 11.00 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883)
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 16577
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16577
    title HP-UX PHNE_23949 : s700_800 11.00 ftpd(1M) and ftp(1) patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_24395.NASL
    description s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883)
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 16931
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16931
    title HP-UX PHNE_24395 : s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch
oval via4
  • accepted 2010-09-20T04:00:04.430-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:1029
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.04)
    version 34
  • accepted 2007-10-02T08:08:07.720-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:1212
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.10.24)
    version 33
  • accepted 2008-08-04T04:00:07.820-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Michael Wood
      organization Hewlett-Packard
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:1276
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access
    version 35
  • accepted 2010-09-20T04:00:11.996-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:1439
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.11)
    version 35
  • accepted 2010-09-20T04:00:12.538-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:1472
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.10.20)
    version 35
  • accepted 2010-09-20T04:00:22.898-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:410
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.04)
    version 37
  • accepted 2014-03-24T04:01:39.202-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:421
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.11)
    version 39
  • accepted 2007-03-21T16:17:19.299-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:438
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.00)
    version 33
  • accepted 2014-03-10T04:00:51.146-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:593
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.23)
    version 38
  • accepted 2014-03-24T04:01:51.288-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:615
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.11)
    version 36
  • accepted 2010-09-20T04:00:36.346-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:767
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.10.01, B.10.10)
    version 35
refmap via4
bid 15138
hp
  • HPSBUX02071
  • SSRT051064
misc http://www.frsirt.com/exploits/20051019.hpux_ftpd_preauth_list.pm.php
sectrack 1015158
Last major update 07-03-2011 - 21:26
Published 23-10-2005 - 17:02
Last modified 10-10-2017 - 21:30