|Title||New lftp packages fix file overwrite vulnerability|
|Name||DSA-2085||First vendor Publication||2010-08-03|
|Vendor||Debian||Last vendor Modification||2010-08-03|
Security-Database Scoring CVSS v2
|Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
|Cvss Base Score||7.5||Attack Range||Network|
|Cvss Impact Score||6.4||Attack Complexity||Low|
|Cvss Expoit Score||10||Authentification||None Required|
|Calculate full CVSS 2.0 Vectors scores|
It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute arbitrary code (for instance if the attacker elects to write a dotfile in a home directory).
For the stable distribution (lenny), this problem has been fixed in version 3.7.3-1+lenny1.
For the testing distribution (squeeze), this problem has been fixed in version 4.0.6-1.
For the unstable distribution (sid), this problem has been fixed in version 4.0.6-1.
We recommend that you upgrade your lftp packages.
|Url : http://www.debian.org/security/2010/dsa-2085|
CWE : Common Weakness Enumeration
|CWE-20||Improper Input Validation|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
|64713||LFTP lftpget get1 Command Content-Disposition Header Suggested Filename Arbit...|