Intrusion Prevention

HP.UX.FTP.Server.Directory.Listing

Description

It indicates a possible exploit of a directory listing vulnerability in the FTP server in HP-UX that may allow remote attackers to list arbitrary directories as root by running the LIST command before logging in.

Affected Products

HP HP-UX 11.0 4
HP HP-UX 11.0
HP HP-UX 10.20
HP HP-UX B.11.11
HP HP-UX B.11.04
HP HP-UX B.11.00

Impact

Information disclosure.

Recommended Actions

Refer to the vendor's web site for suggested workaround.
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00542740

CVE References

CVE-2008-5626 CVE-2005-3296