CVE-2005-1025

Currently unrated

Key Information:

Vendor: IBM
Status: Iseries As 400
Vendor: CVE Published:; 2 May 2005

Summary

The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.

References

http://www.osvdb.org/15300

vdb-entryx_refsource_OSVDB

http://www.venera.com/downloads/AS400_user_accounts_ftp_d...

x_refsource_MISC

http://marc.info/?l=bugtraq&m=111264136829017&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 10, 2005