Vulnerabilities > CVE-2005-1025 - Information Disclosure vulnerability in IBM Iseries AS 400 4.3

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

NVD

Published: 2005-05-02

Updated: 2016-10-18

Summary

The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.

Vulnerable Configurations

Part	Description	Count
Hardware	Ibm IBM Iseries AS 400 4.3	1

References

http://marc.info/?l=bugtraq&m=111264136829017&w=2
http://www.osvdb.org/15300
http://www.venera.com/downloads/AS400_user_accounts_ftp_disclosure.pdf