CVE-2004-1948

NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=108247943201685&w=2
http://secunia.com/advisories/11438	Exploit Vendor Advisory
http://www.osvdb.org/5595
http://www.securityfocus.com/bid/10182	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15919

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ncftp_software:ncftp:3.0.0:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.0.1:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.0.2:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.0.3:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.0.4:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.1.0:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.1.1:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.1.2:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.1.3:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.1.4:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.1.5:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.1.6:::::::*
	cpe:2.3:a:ncftp_software:ncftp:3.1.7:::::::*

History

No history.

Information

Published : 2004-04-20 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2004-1948

Mitre link : CVE-2004-1948

CVE.ORG link : CVE-2004-1948

JSON object : View

Products Affected

ncftp_software

ncftp

CWE

NVD-CWE-Other

{"id": "CVE-2004-1948", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-04-20T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=108247943201685&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/11438", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/5595", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10182", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15919", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via \"ps aux,\" which displays the URL in the process list."}], "lastModified": "2017-07-11T01:31:29.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4465B8F4-7724-4689-850D-E6D80139CED7"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEF0F37A-78B1-412E-95CD-E71C86FE8191"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B76BBA94-E991-442E-9112-00B75E24D9F4"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46864AF6-9CC9-448D-9B37-71735C0D255D"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F4172CB-B527-4573-8F4C-0F5297377399"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DAE9558-3CA6-4F3C-A45C-458168322E66"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3340DBE8-BFA5-4A2E-8854-FFDBB5190AD8"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01299616-C41D-4FEC-9616-890239760774"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "334A8F5F-9E09-4B72-9CC7-A5CA9DA4D63B"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "378852D8-2916-46FF-97B4-1C0D54D1BE53"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B531753-DA42-45D8-9EA0-57F30C3AE3BF"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA354C98-88C9-4235-B5E6-E5B11208F0DA"}, {"criteria": "cpe:2.3:a:ncftp_software:ncftp:3.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B852FE5-8706-4404-8EA5-65B0EF127745"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}