Vulnerability Description
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ncftp Software | Ncftp | 3.0.0 |
References
- http://marc.info/?l=bugtraq&m=108247943201685&w=2
- http://secunia.com/advisories/11438 (Exploit, Vendor Advisory)
- http://www.osvdb.org/5595
- http://www.securityfocus.com/bid/10182 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15919
FAQ
What is CVE-2004-1948?
CVE-2004-1948 is a vulnerability with a CVSS score of 4.6 (MEDIUM). NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which dis...
How severe is CVE-2004-1948?
CVE-2004-1948 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1948?
Check the references section above for vendor advisories and patch information. Affected products include: Ncftp Software Ncftp.