Vulnerabilities > CVE-2001-0421 - Unspecified vulnerability in SUN Solaris and Sunos

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

sun

exploit available

NVD

Published: 2001-07-02

Updated: 2018-10-30

Summary

FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Solaris 2.6 SUN Sunos - SUN Sunos 3.5 SUN Sunos 4.0 SUN Sunos 4.0.1 SUN Sunos 4.0.2 SUN Sunos 4.0.3 SUN Sunos 4.0.3C SUN Sunos 4.1 SUN Sunos 4.1.1 SUN Sunos 4.1.2 SUN Sunos 4.1.3 SUN Sunos 4.1.3C SUN Sunos 4.1.3U1 SUN Sunos 4.1.4 SUN Sunos 4.1Psr_A SUN Sunos 5.0 SUN Sunos 5.1 SUN Sunos 5.2 SUN Sunos 5.3 SUN Sunos 5.4 SUN Sunos 5.5 SUN Sunos 5.5.1 SUN Sunos 5.6 SUN Sunos 5.7 SUN Sunos 5.8 SUN Sunos 5.9	27

Exploit-Db

description	Solaris 2.6 FTP Core Dump Shadow Password Recovery Vulnerability. CVE-2001-0421. Remote exploit for solaris platform
id	EDB-ID:20764
last seen	2016-02-02
modified	2001-04-17
published	2001-04-17
reporter	warning3
source	https://www.exploit-db.com/download/20764/
title	Solaris 2.6 FTP Core Dump Shadow Password Recovery Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References