Summary
Detail | | | |
---|---|---|---|
Vendor | Alexander V. Lukyanov | First view | 2007-04-27 |
Product | Lftp | Last view | 2010-07-06 |
Version | 3.5.6 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:alexander_v._lukyanov:lftp | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
7.5 | 2010-07-06 | CVE-2010-2251 | The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. |
6.8 | 2007-04-27 | CVE-2007-2348 | mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
64713 | LFTP lftpget get1 Command Content-Disposition Header Suggested Filename Arbit... |
35596 | lftp mirror --script Arbitrary Code Execution Weakness |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for lftp CESA-2009:1278 centos5 i386 File : nvt/gb_CESA-2009_1278_lftp_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for lftp CESA-2010:0585 centos5 i386 File : nvt/gb_CESA-2010_0585_lftp_centos5_i386.nasl |
2010-10-10 | Name : FreeBSD Ports: lftp File : nvt/freebsd_lftp0.nasl |
2010-09-10 | Name : Ubuntu Update for lftp vulnerability USN-984-1 File : nvt/gb_ubuntu_USN_984_1.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2085-1 (lftp) File : nvt/deb_2085_1.nasl |
2010-08-06 | Name : RedHat Update for lftp RHSA-2010:0585-01 File : nvt/gb_RHSA-2010_0585-01_lftp.nasl |
2010-07-12 | Name : Mandriva Update for lftp MDVSA-2010:128 (lftp) File : nvt/gb_mandriva_MDVSA_2010_128.nasl |
2010-07-02 | Name : Fedora Update for lftp FEDORA-2010-9819 File : nvt/gb_fedora_2010_9819_lftp_fc12.nasl |
2010-04-29 | Name : Mandriva Update for epiphany MDVA-2010:128 (epiphany) File : nvt/gb_mandriva_MDVA_2010_128.nasl |
2010-04-29 | Name : Mandriva Update for epiphany MDVA-2010:128-1 (epiphany) File : nvt/gb_mandriva_MDVA_2010_128_1.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1278 (lftp) File : nvt/ovcesa2009_1278.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1278 File : nvt/RHSA_2009_1278.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2010-0585.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20090902_lftp_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20100802_lftp_for_SL_5.nasl - Type: ACT_GATHER_INFO |
2010-09-08 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-984-1.nasl - Type: ACT_GATHER_INFO |
2010-09-04 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_29b7e3f4b6a911dfae63f255a795cb21.nasl - Type: ACT_GATHER_INFO |
2010-08-05 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2085.nasl - Type: ACT_GATHER_INFO |
2010-08-03 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2010-0585.nasl - Type: ACT_GATHER_INFO |
2010-08-03 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2010-0585.nasl - Type: ACT_GATHER_INFO |
2010-07-30 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2010-128.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-9819.nasl - Type: ACT_GATHER_INFO |
2010-06-23 | Name: The remote openSUSE host is missing a security update. File: suse_11_0_lftp-100610.nasl - Type: ACT_GATHER_INFO |
2010-06-23 | Name: The remote openSUSE host is missing a security update. File: suse_11_1_lftp-100610.nasl - Type: ACT_GATHER_INFO |
2010-06-23 | Name: The remote openSUSE host is missing a security update. File: suse_11_2_lftp-100610.nasl - Type: ACT_GATHER_INFO |
2010-01-06 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2009-1278.nasl - Type: ACT_GATHER_INFO |
2009-09-02 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2009-1278.nasl - Type: ACT_GATHER_INFO |