CVE-2005-3296 Information

Description

The FTP server in HP-UX 10.20 B.11.00 and B.11.11 allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.

Reference

http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00126.html http://securitytracker.com/id?1015158 http://www.frsirt.com/exploits/20051019.hpux_ftpd_preauth_list.pm.php http://www.securityfocus.com/bid/15138 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1029 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1212 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1276 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1439 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1472 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A410 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A421 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A438 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A593 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A615 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A767