Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Solaris FTP Core Dump文件泄漏用户口令散列漏洞
Vulnerability Description
Solaris是Sun公司的一个著名的UNIX操作系统产品,应用非常广泛。 2.6版本Solaris的FTP服务程序存在一个漏洞可能导致shadow文件内容泄露,其中包含了系统用户的密码散列。而默认情况下只有root可以读取shadow文件。 Solaris 的in.ftpd在用户登陆前接收到一个'CWD ~'请求时,会将用户的home目录拷贝到一个缓冲区中。然而用户没有登陆前,这个home指针为空。这将造成一个段访问错误发生,ftpd会在系统根目录下产生一个core文件。这个core文件中可能包含sha
CVSS Information
N/A
Vulnerability Type
N/A