CVE-2001-0421

Name of the Vulnerable Software and Affected Versions Solaris versions 8 and earlier

Description The issue allows local and remote attackers to cause a core dump in the root directory by providing a valid username with an invalid password followed by a CWD ~ command. This could release sensitive information, such as shadowed passwords, or fill the disk partition.

Recommendations For Solaris versions 8 and earlier, consider restricting access to the FTP server until a fix is available. As a temporary workaround, limit the use of the CWD ~ command to minimize the risk of exploitation.