CVE-2005-1025

2005-04-0904:00:00

mitre

www.cve.org

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.4%

JSON

The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.

References

marc.info/?l=bugtraq&m=111264136829017&w=2

www.osvdb.org/15300

www.venera.com/downloads/AS400_user_accounts_ftp_disclosure.pdf