Solaris 2.6/7.0 – IN.FTPD CWD ‘Username’ Enumeration

Solaris 2.6/7.0 – IN.FTPD CWD ‘Username’ Enumeration

漏洞ID 1053528 漏洞类型
发布时间 2001-04-11 更新时间 2001-04-11
图片[1]-Solaris 2.6/7.0 – IN.FTPD CWD ‘Username’ Enumeration-安全小百科CVE编号 N/A
图片[2]-Solaris 2.6/7.0 – IN.FTPD CWD ‘Username’ Enumeration-安全小百科CNNVD-ID N/A
漏洞平台 Solaris CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/20745
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/2564/info

Solaris is the variant of the UNIX Operating System distributed by Sun Microsystems. Solaris is a versatile operating system designed for use with machines as small as desktop systems and as large as enterprise systems.

A problem with the ftp daemon included with the Solaris Operating Environment could allow remote users to gain access to names of valid user accounts. Prior to logging in, while in.ftpd is still negotiating the session, it is possible to present a request for a change of working directory (CWD) to the ftp daemon. If the account is valid, the daemon will issue a request for login and password. If not, the daemon returns an error message stating that the login name is not valid.

Therefore, it is possible for a remote user to gather the names of local users on a Solaris system with ftp services. This may lead to spamming, or further compromise. 

nc vulnerable.host 21
220 gsmms0 FTP server (SunOS 5.6) ready.
cwd ~netadm
530 Please login with USER and PASS.
cwd ~xyz
530 Please login with USER and PASS.
550 Unknown user name after ~

相关推荐: Winsock FTPd Directory Transversal Vulnerability

Winsock FTPd Directory Transversal Vulnerability 漏洞ID 1103592 漏洞类型 Access Validation Error 发布时间 2000-11-27 更新时间 2000-11-27 CVE编号 N…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享