Description
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by warning3 · textremotesolaris
https://www.exploit-db.com/exploits/20764
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/177200
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2601
Scores
EPSS
0.0244
EPSS Percentile
85.3%
Details
Status
published
Products (2)
sun/solaris
2.6
sun/sunos
< 5.9
Published
Jul 02, 2001
Tracked Since
Feb 18, 2026