Vulnerabilities > CVE-2005-3296
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_24395.NASL description s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883) last seen 2020-06-01 modified 2020-06-02 plugin id 16931 published 2005-02-16 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16931 title HP-UX PHNE_24395 : s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_24395. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16931); script_version("1.13"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2004-1332", "CVE-2005-3296"); script_xref(name:"HP", value:"emr_na-c00542740"); script_xref(name:"HP", value:"emr_na-c00898886"); script_xref(name:"HP", value:"HPSBUX00162"); script_xref(name:"HP", value:"HPSBUX02071"); script_xref(name:"HP", value:"SSRT051064"); script_xref(name:"HP", value:"SSRT4883"); script_name(english:"HP-UX PHNE_24395 : s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.04 (VVOS) ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883)" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00898886 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1aba643e" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00542740 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a8f47fb9" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_24395 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2001/08/28"); script_set_attribute(attribute:"patch_modification_date", value:"2006/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.04")) { exit(0, "The host is not affected since PHNE_24395 applies to a different OS release."); } patches = make_list("PHNE_24395", "PHNE_31034", "PHNE_32813", "PHNE_34077"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"VirtualVaultOS.VVOS-AUX-IA", version:"B.11.04")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_23949.NASL description s700_800 11.00 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883) last seen 2020-06-01 modified 2020-06-02 plugin id 16577 published 2005-02-16 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16577 title HP-UX PHNE_23949 : s700_800 11.00 ftpd(1M) and ftp(1) patch code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_23949. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16577); script_version("1.14"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2004-1332", "CVE-2005-3296"); script_xref(name:"HP", value:"emr_na-c00542740"); script_xref(name:"HP", value:"emr_na-c00898886"); script_xref(name:"HP", value:"HPSBUX00162"); script_xref(name:"HP", value:"HPSBUX02071"); script_xref(name:"HP", value:"SSRT051064"); script_xref(name:"HP", value:"SSRT4883"); script_name(english:"HP-UX PHNE_23949 : s700_800 11.00 ftpd(1M) and ftp(1) patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 ftpd(1M) and ftp(1) patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited by a remote unauthenticated user to list directories with the privileges of the root user. (HPSBUX02071 SSRT051064) - ftpd and ftp incorrectly manage buffers. (HPSBUX00162 SSRT4883)" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00898886 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1aba643e" ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00542740 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a8f47fb9" ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_23949 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2001/05/18"); script_set_attribute(attribute:"patch_modification_date", value:"2006/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHNE_23949 applies to a different OS release."); } patches = make_list("PHNE_23949", "PHNE_29460", "PHNE_30989", "PHNE_33406", "PHNE_34543"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"InternetSrvcs.INET-ENG-A-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"InternetSrvcs.INETSVCS-RUN", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
accepted 2010-09-20T04:00:04.430-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. family unix id oval:org.mitre.oval:def:1029 status accepted submitted 2005-11-30T12:00:00.000-04:00 title HP-UX ftpd Remote Unauthorized Data Access (B.11.04) version 38 accepted 2007-10-02T08:08:07.720-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Todd Dolinsky organization Opsware, Inc.
description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. family unix id oval:org.mitre.oval:def:1212 status accepted submitted 2005-11-30T12:00:00.000-04:00 title HP-UX ftpd Remote Unauthorized Data Access (B.10.24) version 37 accepted 2008-08-04T04:00:07.820-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Todd Dolinsky organization Opsware, Inc. name Michael Wood organization Hewlett-Packard
description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. family unix id oval:org.mitre.oval:def:1276 status accepted submitted 2005-11-30T12:00:00.000-04:00 title HP-UX ftpd Remote Unauthorized Data Access version 39 accepted 2010-09-20T04:00:11.996-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. family unix id oval:org.mitre.oval:def:1439 status accepted submitted 2005-11-30T12:00:00.000-04:00 title HP-UX ftpd Remote Unauthorized Data Access (B.11.11) version 39 accepted 2010-09-20T04:00:12.538-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. family unix id oval:org.mitre.oval:def:1472 status accepted submitted 2005-11-30T12:00:00.000-04:00 title HP-UX ftpd Remote Unauthorized Data Access (B.10.20) version 39 accepted 2010-09-20T04:00:22.898-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. family unix id oval:org.mitre.oval:def:410 status accepted submitted 2006-09-22T05:48:00.000-04:00 title HP-UX ftpd Remote Unauthorized Data Access (B.11.04) version 41 accepted 2014-03-24T04:01:39.202-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation name Sushant Kumar Singh organization Hewlett-Packard
description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. family unix id oval:org.mitre.oval:def:421 status accepted submitted 2006-09-22T05:48:00.000-04:00 title HP-UX ftpd Remote Unauthorized Data Access (B.11.11) version 43 accepted 2007-03-21T16:17:19.299-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation
description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. family unix id oval:org.mitre.oval:def:438 status accepted submitted 2006-09-22T05:48:00.000-04:00 title HP-UX ftpd Remote Unauthorized Data Access (B.11.00) version 37 accepted 2014-03-10T04:00:51.146-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation name Sushant Kumar Singh organization Hewlett-Packard
description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. family unix id oval:org.mitre.oval:def:593 status accepted submitted 2006-09-22T05:48:00.000-04:00 title HP-UX ftpd Remote Unauthorized Data Access (B.11.23) version 42 accepted 2014-03-24T04:01:51.288-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation name Sushant Kumar Singh organization Hewlett-Packard
description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. family unix id oval:org.mitre.oval:def:615 status accepted submitted 2006-09-22T05:48:00.000-04:00 title HP-UX ftpd Remote Unauthorized Data Access (B.11.11) version 40 accepted 2010-09-20T04:00:36.346-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in. family unix id oval:org.mitre.oval:def:767 status accepted submitted 2005-11-30T12:00:00.000-04:00 title HP-UX ftpd Remote Unauthorized Data Access (B.10.01, B.10.10) version 39
References
- http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00126.html
- http://securitytracker.com/id?1015158
- http://www.frsirt.com/exploits/20051019.hpux_ftpd_preauth_list.pm.php
- http://www.securityfocus.com/bid/15138
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1029
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1212
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1276
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1439
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1472
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A410
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A421
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A438
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A593
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A615
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A767