Solaris 9 in.ftpd security flaw

Published: 2006-05-21
Last Updated: 2006-05-21 18:57:09 UTC
by Scott Fendley (Version: 1)
0 comment(s)
Good afternoon all,

In the midst of the Microsoft Word 0-day vulnerability (and the start of the summer vacation season), a few security issues managed to be overlooked by me this past week. 

Sun Microsystems released an advisory concerning a security flaw in the ftp daemon installed by default in Solaris 9.  This vulnerability may allow local or remote unprivileged users to access directories outside of their home directory or to log in with their $HOME directory set to the root directory of  "/" (slash) if certain options are in use.

Sun is working on an appropriate fix so keep an eye on your log files, or disable the ftp service under Solaris if it is not necessary. For more information, please see the Sunsolve document located at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1


---
Scott Fendley
Handler on Duty
Keywords:
0 comment(s)

Comments


Diary Archives