FTP Server Vulnerability in AS/400 from IBM
CVE-2005-1025

Currently unrated

Key Information:

Vendor: IBM
Status: Iseries As 400
Vendor: CVE Published:; 2 May 2005

Summary

The FTP server in IBM's AS/400 version 4.3, when operating in Integrated File System (IFS) mode, is susceptible to an information disclosure vulnerability. Attackers can exploit this flaw by employing a symlink attack using the RCMD command along with the ADDLNK utility. This method can potentially expose sensitive information stored in the system libraries, including the critical QSYS.LIB library. Proper configuration and security measures are essential to mitigate the risks associated with this vulnerability.

References

http://www.osvdb.org/15300

vdb-entryx_refsource_OSVDB

http://www.venera.com/downloads/AS400_user_accounts_ftp_d...

x_refsource_MISC

http://marc.info/?l=bugtraq&m=111264136829017&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 10, 2005