Upstream information

CVE-2010-2251 at MITRE

Description

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.5
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 606319 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.0
  • lftp-debuginfo >= 3.6.3-28.2
  • lftp-debugsource >= 3.6.3-28.2
openSUSE 11.0
  • lftp >= 3.6.3-28.2
openSUSE 11.1
  • lftp-debuginfo >= 3.6.3-5.68.1
  • lftp-debugsource >= 3.6.3-5.68.1
openSUSE 11.1
  • lftp >= 3.6.3-5.68.1
openSUSE 11.2
  • lftp-debuginfo >= 3.6.3-58.2.1
  • lftp-debugsource >= 3.6.3-58.2.1
openSUSE 11.2
  • lftp >= 3.6.3-58.2.1