Vigil@nce: AIX, information disclosure via FTP NLST
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use the FTP NLST (or LIST) command, in order to
force the ftpd daemon to generate a coredump, containing sensitive
information.
– Severity: 2/4
– Creation date: 19/07/2010
DESCRIPTION OF THE VULNERABILITY
The FTP NLST command lists names of files located in a directory.
The FTP LIST command lists files located in a directory.
The home directory of a user can be represented as " user".
When an attacker connects to the FTP service of AIX, and sends a
NLST/LIST command with a long home directory, a core dump occurs.
This vulnerability may lead to code execution.
If the attacker was in a writable directory of the FTP server,
this server also generates a coredump file. The attacker can then
read this file, which can for example contain hashed passwords.
An attacker can therefore use the FTP NLST/LIST command, in order
to force the ftpd daemon to generate a coredump, containing
sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/AIX-information-disclosure-via-FTP-NLST-9774