FTP server in Solaris 8 and previous versions allows local and remote malicious users to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun solaris 2.6 |
||
sun sunos |