CVE-2005-1025 Information

Description

The FTP server in AS/400 4.3 when running in IFS mode allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility as demonstrated using the QSYS.LIB library.

Reference

http://marc.info/?l=bugtraq&m=111264136829017&w=2 http://www.osvdb.org/15300 http://www.venera.com/downloads/AS400_user_accounts_ftp_disclosure.pdf