ID CVE-2005-3296
Summary The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
References
Vulnerable Configurations
  • cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2010-09-20T04:00:04.430-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:1029
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.04)
    version 38
  • accepted 2007-10-02T08:08:07.720-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:1212
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.10.24)
    version 37
  • accepted 2008-08-04T04:00:07.820-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Michael Wood
      organization Hewlett-Packard
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:1276
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access
    version 39
  • accepted 2010-09-20T04:00:11.996-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:1439
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.11)
    version 39
  • accepted 2010-09-20T04:00:12.538-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:1472
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.10.20)
    version 39
  • accepted 2010-09-20T04:00:22.898-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:410
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.04)
    version 41
  • accepted 2014-03-24T04:01:39.202-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:421
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.11)
    version 43
  • accepted 2007-03-21T16:17:19.299-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:438
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.00)
    version 37
  • accepted 2014-03-10T04:00:51.146-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:593
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.23)
    version 42
  • accepted 2014-03-24T04:01:51.288-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:615
    status accepted
    submitted 2006-09-22T05:48:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.11.11)
    version 40
  • accepted 2010-09-20T04:00:36.346-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
    family unix
    id oval:org.mitre.oval:def:767
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title HP-UX ftpd Remote Unauthorized Data Access (B.10.01, B.10.10)
    version 39
refmap via4
bid 15138
hp
  • HPSBUX02071
  • SSRT051064
misc http://www.frsirt.com/exploits/20051019.hpux_ftpd_preauth_list.pm.php
sectrack 1015158
Last major update 11-10-2017 - 01:30
Published 23-10-2005 - 21:02
Last modified 11-10-2017 - 01:30
Back to Top