FTP Server Vulnerability in iSeries AS/400 by IBM
CVE-2005-1238

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 2 May 2005

Summary

By design, the FTP server built into iSeries AS/400 systems does not implement a restricted document root. As a result, an attacker can supply full pathnames in GET and PUT requests to read or write arbitrary files and gain access to sensitive databases like QSYS, potentially compromising the integrity and confidentiality of critical system data.
