DSA-2085Executive Summary
| Summary | |
|---|---|
| Title | New lftp packages fix file overwrite vulnerability |
| Informations | |||
|---|---|---|---|
| Name | DSA-2085 | First vendor Publication | 2010-08-03 |
| Vendor | Debian | Last vendor Modification | 2010-08-03 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute arbitrary code (for instance if the attacker elects to write a dotfile in a home directory). For the stable distribution (lenny), this problem has been fixed in version 3.7.3-1+lenny1. For the testing distribution (squeeze), this problem has been fixed in version 4.0.6-1. For the unstable distribution (sid), this problem has been fixed in version 4.0.6-1. We recommend that you upgrade your lftp packages. |
Original Source
| Url : http://www.debian.org/security/2010/dsa-2085 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 64713 | LFTP lftpget get1 Command Content-Disposition Header Suggested Filename Arbit... |
(High)
