| Vulnerability Name: | CVE-2005-3296 (CCN-22830) | ||||||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2005-10-19 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2005-10-19 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2017-10-11 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Summary: | The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. | ||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: HP Type: UNKNOWN SSRT051064 Source: MITRE Type: CNA CVE-2005-3296 Source: CCN Type: Metasploit Project Web site The Metasploit Project Source: CCN Type: SECTRACK ID: 1015158 HP-UX ftpd LIST Command Lets Remote Authenticated Users View Directory Contents Source: SECTRACK Type: UNKNOWN 1015158 Source: MISC Type: Exploit http://www.frsirt.com/exploits/20051019.hpux_ftpd_preauth_list.pm.php Source: CCN Type: OSVDB ID: 20680 HP-UX ftpd LIST Command Unauthenticated Directory Listing Source: BID Type: Exploit 15138 Source: CCN Type: BID-15138 HP-UX FTP Server Directory Listing Vulnerability Source: CCN Type: HP IT Resource Center Maintenance and Support (HP Products) Source: XF Type: UNKNOWN hpux-ftp-server-obtain-information(22830) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1029 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1212 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1276 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1439 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1472 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:410 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:421 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:438 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:593 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:615 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:767 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||||||||||