| VID |
16021 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
A problem in the ftp server included with the Solaris Operating System could allow a local user to recover parts of the shadow file, containing encrypted passwords. Due to a problem involving a buffer overflow in glob(), it is possible to cause a buffer overflow in the Solaris ftp server, which will dump parts of the shadow file to core. This can be simply done with the 'CWD ~' command, using a non-standard ftp client.
Therefore, a local user could cause a buffer overflow in the ftp server and get the part of shadow file in the server since the core file is world readable.
* References:
http://archives.neohapsis.com/archives/bugtraq/2001-04/0285.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F27843
* Platforms Affected:
Solaris 2.5, 2.5.1, 2.6, 7, 8 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Sun(sm) Alert Notification 27843, http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F27843 |
| Related URL |
CVE-2001-0421 (CVE) |
| Related URL |
2601 (SecurityFocus) |
| Related URL |
6422 (ISS) |
|
