This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Alexander V. Lukyanov First view 2007-04-27
Product Lftp Last view 2010-07-06
Version 2.3.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:alexander_v._lukyanov:lftp

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2010-07-06 CVE-2010-2251

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

6.8 2007-04-27 CVE-2007-2348

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
64713 LFTP lftpget get1 Command Content-Disposition Header Suggested Filename Arbit...
35596 lftp mirror --script Arbitrary Code Execution Weakness

OpenVAS Exploits

id Description
2011-08-09 Name : CentOS Update for lftp CESA-2009:1278 centos5 i386
File : nvt/gb_CESA-2009_1278_lftp_centos5_i386.nasl
2011-08-09 Name : CentOS Update for lftp CESA-2010:0585 centos5 i386
File : nvt/gb_CESA-2010_0585_lftp_centos5_i386.nasl
2010-10-10 Name : FreeBSD Ports: lftp
File : nvt/freebsd_lftp0.nasl
2010-09-10 Name : Ubuntu Update for lftp vulnerability USN-984-1
File : nvt/gb_ubuntu_USN_984_1.nasl
2010-08-21 Name : Debian Security Advisory DSA 2085-1 (lftp)
File : nvt/deb_2085_1.nasl
2010-08-06 Name : RedHat Update for lftp RHSA-2010:0585-01
File : nvt/gb_RHSA-2010_0585-01_lftp.nasl
2010-07-12 Name : Mandriva Update for lftp MDVSA-2010:128 (lftp)
File : nvt/gb_mandriva_MDVSA_2010_128.nasl
2010-07-02 Name : Fedora Update for lftp FEDORA-2010-9819
File : nvt/gb_fedora_2010_9819_lftp_fc12.nasl
2010-04-29 Name : Mandriva Update for epiphany MDVA-2010:128 (epiphany)
File : nvt/gb_mandriva_MDVA_2010_128.nasl
2010-04-29 Name : Mandriva Update for epiphany MDVA-2010:128-1 (epiphany)
File : nvt/gb_mandriva_MDVA_2010_128_1.nasl
2009-09-21 Name : CentOS Security Advisory CESA-2009:1278 (lftp)
File : nvt/ovcesa2009_1278.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1278
File : nvt/RHSA_2009_1278.nasl

Nessus® Vulnerability Scanner

id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2010-0585.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20090902_lftp_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20100802_lftp_for_SL_5.nasl - Type: ACT_GATHER_INFO
2010-09-08 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-984-1.nasl - Type: ACT_GATHER_INFO
2010-09-04 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_29b7e3f4b6a911dfae63f255a795cb21.nasl - Type: ACT_GATHER_INFO
2010-08-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2085.nasl - Type: ACT_GATHER_INFO
2010-08-03 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2010-0585.nasl - Type: ACT_GATHER_INFO
2010-08-03 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2010-0585.nasl - Type: ACT_GATHER_INFO
2010-07-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2010-128.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-9819.nasl - Type: ACT_GATHER_INFO
2010-06-23 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_lftp-100610.nasl - Type: ACT_GATHER_INFO
2010-06-23 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_lftp-100610.nasl - Type: ACT_GATHER_INFO
2010-06-23 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_lftp-100610.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2009-1278.nasl - Type: ACT_GATHER_INFO
2009-09-02 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2009-1278.nasl - Type: ACT_GATHER_INFO