Lucene search

[email protected]CVE-2007-2348

HistoryApr 27, 2007 - 6:19 p.m.

CVE-2007-2348

2007-04-2718:19:00

[email protected]

web.nvd.nist.gov

cve-2007-2348

mirror

lftp

security vulnerability

shell metacharacters

remote attack

6.7 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as “get” which could overwrite executable files.

Affected configurations

NVD

Node

alexander_v._lukyanovlftpRange≤3.5.8

CPENameOperatorVersion
alexander_v._lukyanov:lftpalexander v. lukyanov lftple3.5.8

CPE	Name	Operator	Version
alexander_v._lukyanov:lftp	alexander v. lukyanov lftp	le	3.5.8

References

bugs.gentoo.org/show_bug.cgi?id=173524

lftp.yar.ru/news.html

rhn.redhat.com/errata/RHSA-2009-1278.html

secunia.com/advisories/25107

secunia.com/advisories/25132

secunia.com/advisories/36559

www.securityfocus.com/bid/23736

www.vupen.com/english/advisories/2007/1590

issues.rpath.com/browse/RPL-1229

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10806

Social References

6.7 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON

Related for CVE-2007-2348

prion1 oraclelinux1 openvas7 debiancve1 nessus5 cvelist1 nvd1 ubuntucve1 centos1 redhat1