oval:org.mitre.oval:def:22803

Definition Id: oval:org.mitre.oval:def:22803
 
Oval ID: oval:org.mitre.oval:def:22803
Title: ELSA-2010:0585: lftp security update (Moderate)
Description: The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Family: unix Class: patch
Reference(s): ELSA-2010:0585-01
CVE-2010-2251
Version: 6
Platform(s): Oracle Linux 5
Product(s): lftp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15459
 
Oval ID: oval:org.mitre.oval:def:15459
Title: Oracle Linux 5.x
Description: The operating system installed on the system is Oracle Linux 5.x
Family: unix Class: inventory
Reference(s): cpe:/o:oracle:linux:5
Version: 7
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:22803