| GEN:SID | 1:1728 |
| Message | FTP CWD ~ attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in the ftp server included with version 2.6 of the Sun Solaris operating system.
|
| Impact | Serious.
|
| Detailed Information | An error in the ftp daemon supplied with version 2.6 of Sun's Solaris operating system can cause the daemon to overflow a buffer and generate a core file that is world readable.
The attacker may also be able to fill the disk partition by generating core files.
|
| Affected Systems | Sun Solaris 2.6
|
| Attack Scenarios | An attacker can use a non-standard ftp client or initiate a session with the ftp server and issue a CWD ~ command. The attacker may then be able to read the core file and recover usernames and passwords for other users on the system
|
| Ease of Attack | Simple
|
| Corrective Action | Apply the appropriate vendor supplied patches
Upgrade to the latest non-affected version of the software
|
| Additional References | |
| Rule References | bugtraq: 2601
cve: 2001-0421
|