Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2010-2251
Description:The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Test IDs: 1.3.6.1.4.1.25623.1.0.67840   1.3.6.1.4.1.25623.1.0.67743   1.3.6.1.4.1.25623.1.0.67624   1.3.6.1.4.1.25623.1.0.67883   1.3.6.1.4.1.25623.1.0.67674   1.3.6.1.4.1.25623.1.0.68230   1.3.6.1.4.1.25623.1.0.67996   1.3.6.1.4.1.25623.1.0.122336   1.3.6.1.4.1.25623.1.0.880589  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2010-2251
Bugtraq: 20101027 rPSA-2010-0073-1 lftp (Google Search)
http://www.securityfocus.com/archive/1/514499/100/0/threaded
Debian Security Information: DSA-2085 (Google Search)
http://www.debian.org/security/2010/dsa-2085
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html
http://www.ocert.org/advisories/ocert-2010-001.html
http://marc.info/?l=oss-security&m=127411372529485&w=2
http://marc.info/?l=oss-security&m=127432968701342&w=2
http://marc.info/?l=oss-security&m=127611288927500&w=2
http://marc.info/?l=oss-security&m=127620248914170&w=2
http://secunia.com/advisories/40400
SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.vupen.com/english/advisories/2010/1654




© 1998-2024 E-Soft Inc. All rights reserved.