Skip to main content

CVE-2001-0421

Severity Medium
Score 6.4/10

Summary

FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.

  • LOW
  • NETWORK
  • NONE
  • NONE
  • PARTIAL
  • PARTIAL

References

Advisory Timeline

  • Published