ID SL_20100802_LFTP_FOR_SL_5.NASL Type nessus Reporter Tenable Modified 2012-08-01T00:00:00
Description
LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.
It was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)
To correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.
All lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include("compat.inc");
if (description)
{
script_id(60827);
script_version("$Revision: 1.1 $");
script_cvs_date("$Date: 2012/08/01 14:38:54 $");
script_cve_id("CVE-2010-2251");
script_name(english:"Scientific Linux Security Update : lftp for SL 5");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Scientific Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"LFTP is a sophisticated file transfer program for the FTP and HTTP
protocols. Like Bash, it has job control and uses the Readline library
for input. It has bookmarks, built-in mirroring, and can transfer
several files in parallel. It is designed with reliability in mind.
It was discovered that lftp trusted the file name provided in the
Content-Disposition HTTP header. A malicious HTTP server could use
this flaw to write or overwrite files in the current working directory
of a victim running lftp, by sending a different file from what the
victim requested. (CVE-2010-2251)
To correct this flaw, the following changes were made to lftp: the
'xfer:clobber' option now defaults to 'no', causing lftp to not
overwrite existing files, and a new option, 'xfer:auto-rename', which
defaults to 'no', has been introduced to control whether lftp should
use server-suggested file names. Refer to the 'Settings' section of
the lftp(1) manual page for additional details on changing lftp
settings.
All lftp users should upgrade to this updated package, which contains
a backported patch to correct this issue."
);
# http://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=184
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?c1606f2b"
);
script_set_attribute(attribute:"solution", value:"Update the affected lftp package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2010/08/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012 Tenable Network Security, Inc.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL5", reference:"lftp-3.7.11-4.el5_5.3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "SL_20100802_LFTP_FOR_SL_5.NASL", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : lftp for SL 5", "description": "LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.", "published": "2012-08-01T00:00:00", "modified": "2012-08-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60827", "reporter": "Tenable", "references": ["http://www.nessus.org/u?c1606f2b"], "cvelist": ["CVE-2010-2251"], "type": "nessus", "lastseen": "2018-09-01T23:58:49", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2010-2251"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "8ec9d37811136633b13d21217e8242570efd5766d20460e067e2e81a66679b0a", "hashmap": [{"hash": "ff8bf48951e7537c8529cab34571da3c", "key": "description"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "51e91d653d51be816be0dded6ee466f6", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "04886914947d222e836307ade6a5f1ec", "key": "sourceData"}, {"hash": "1a5a26451105562d1dcb2c5927ae7aa8", "key": "pluginID"}, {"hash": "d1b02e05e6783a7fd4cd11a8a73492fc", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "4357a9364a7b460d78097f269986b389", "key": "cvelist"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "modified"}, {"hash": "2fd0005c47691074f6f522e25d0be997", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=60827", "id": "SL_20100802_LFTP_FOR_SL_5.NASL", "lastseen": "2017-10-29T13:42:07", "modified": "2012-08-01T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "60827", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?c1606f2b"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60827);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:54 $\");\n\n script_cve_id(\"CVE-2010-2251\");\n\n script_name(english:\"Scientific Linux Security Update : lftp for SL 5\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"LFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library\nfor input. It has bookmarks, built-in mirroring, and can transfer\nseveral files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use\nthis flaw to write or overwrite files in the current working directory\nof a victim running lftp, by sending a different file from what the\nvictim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n'xfer:clobber' option now defaults to 'no', causing lftp to not\noverwrite existing files, and a new option, 'xfer:auto-rename', which\ndefaults to 'no', has been introduced to control whether lftp should\nuse server-suggested file names. Refer to the 'Settings' section of\nthe lftp(1) manual page for additional details on changing lftp\nsettings.\n\nAll lftp users should upgrade to this updated package, which contains\na backported patch to correct this issue.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=184\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1606f2b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"lftp-3.7.11-4.el5_5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : lftp for SL 5", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:42:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2010-2251"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "ffbc5824b197e97674924364d723a2f54e7ca1b1ff8647b63e19fe21b3862359", "hashmap": [{"hash": "ff8bf48951e7537c8529cab34571da3c", "key": "description"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "51e91d653d51be816be0dded6ee466f6", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "04886914947d222e836307ade6a5f1ec", "key": "sourceData"}, {"hash": "1a5a26451105562d1dcb2c5927ae7aa8", "key": "pluginID"}, {"hash": "d1b02e05e6783a7fd4cd11a8a73492fc", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "4357a9364a7b460d78097f269986b389", "key": "cvelist"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "modified"}, {"hash": "2fd0005c47691074f6f522e25d0be997", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=60827", "id": "SL_20100802_LFTP_FOR_SL_5.NASL", "lastseen": "2018-08-30T19:50:59", "modified": "2012-08-01T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "60827", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?c1606f2b"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60827);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:54 $\");\n\n script_cve_id(\"CVE-2010-2251\");\n\n script_name(english:\"Scientific Linux Security Update : lftp for SL 5\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"LFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library\nfor input. It has bookmarks, built-in mirroring, and can transfer\nseveral files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use\nthis flaw to write or overwrite files in the current working directory\nof a victim running lftp, by sending a different file from what the\nvictim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n'xfer:clobber' option now defaults to 'no', causing lftp to not\noverwrite existing files, and a new option, 'xfer:auto-rename', which\ndefaults to 'no', has been introduced to control whether lftp should\nuse server-suggested file names. Refer to the 'Settings' section of\nthe lftp(1) manual page for additional details on changing lftp\nsettings.\n\nAll lftp users should upgrade to this updated package, which contains\na backported patch to correct this issue.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=184\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1606f2b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"lftp-3.7.11-4.el5_5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : lftp for SL 5", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:50:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2010-2251"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.", "edition": 1, "enchantments": {}, "hash": "22f128b3f2d05f0475b7df05fbde13df28508dee45ee76bbee1a3d6060fe7ec4", "hashmap": [{"hash": "ff8bf48951e7537c8529cab34571da3c", "key": "description"}, {"hash": "51e91d653d51be816be0dded6ee466f6", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "04886914947d222e836307ade6a5f1ec", "key": "sourceData"}, {"hash": "1a5a26451105562d1dcb2c5927ae7aa8", "key": "pluginID"}, {"hash": "d1b02e05e6783a7fd4cd11a8a73492fc", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "4357a9364a7b460d78097f269986b389", "key": "cvelist"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "2fd0005c47691074f6f522e25d0be997", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=60827", "id": "SL_20100802_LFTP_FOR_SL_5.NASL", "lastseen": "2016-09-26T17:25:42", "modified": "2012-08-01T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "60827", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?c1606f2b"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60827);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:54 $\");\n\n script_cve_id(\"CVE-2010-2251\");\n\n script_name(english:\"Scientific Linux Security Update : lftp for SL 5\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"LFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library\nfor input. It has bookmarks, built-in mirroring, and can transfer\nseveral files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use\nthis flaw to write or overwrite files in the current working directory\nof a victim running lftp, by sending a different file from what the\nvictim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n'xfer:clobber' option now defaults to 'no', causing lftp to not\noverwrite existing files, and a new option, 'xfer:auto-rename', which\ndefaults to 'no', has been introduced to control whether lftp should\nuse server-suggested file names. Refer to the 'Settings' section of\nthe lftp(1) manual page for additional details on changing lftp\nsettings.\n\nAll lftp users should upgrade to this updated package, which contains\na backported patch to correct this issue.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=184\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1606f2b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"lftp-3.7.11-4.el5_5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : lftp for SL 5", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:42"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "b1e432cd926620a2b9bd9816ef9503c6"}, {"key": "cvelist", "hash": "4357a9364a7b460d78097f269986b389"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "ff8bf48951e7537c8529cab34571da3c"}, {"key": "href", "hash": "2fd0005c47691074f6f522e25d0be997"}, {"key": "modified", "hash": "3ff4afbf9eedf98937c2e5c5cf13456f"}, {"key": "naslFamily", "hash": "b3a4d461a1383c8ba9fa401b58d29827"}, {"key": "pluginID", "hash": "1a5a26451105562d1dcb2c5927ae7aa8"}, {"key": "published", "hash": "3ff4afbf9eedf98937c2e5c5cf13456f"}, {"key": "references", "hash": "51e91d653d51be816be0dded6ee466f6"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "04886914947d222e836307ade6a5f1ec"}, {"key": "title", "hash": "d1b02e05e6783a7fd4cd11a8a73492fc"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "8ec9d37811136633b13d21217e8242570efd5766d20460e067e2e81a66679b0a", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60827);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:54 $\");\n\n script_cve_id(\"CVE-2010-2251\");\n\n script_name(english:\"Scientific Linux Security Update : lftp for SL 5\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"LFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library\nfor input. It has bookmarks, built-in mirroring, and can transfer\nseveral files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use\nthis flaw to write or overwrite files in the current working directory\nof a victim running lftp, by sending a different file from what the\nvictim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n'xfer:clobber' option now defaults to 'no', causing lftp to not\noverwrite existing files, and a new option, 'xfer:auto-rename', which\ndefaults to 'no', has been introduced to control whether lftp should\nuse server-suggested file names. Refer to the 'Settings' section of\nthe lftp(1) manual page for additional details on changing lftp\nsettings.\n\nAll lftp users should upgrade to this updated package, which contains\na backported patch to correct this issue.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=184\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1606f2b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"lftp-3.7.11-4.el5_5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Scientific Linux Local Security Checks", "pluginID": "60827", "cpe": ["x-cpe:/o:fermilab:scientific_linux"]}
{"cve": [{"lastseen": "2018-10-11T11:34:16", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html", "http://www.vupen.com/english/advisories/2010/1654", "http://marc.info/?l=oss-security&m=127611288927500&w=2", "http://marc.info/?l=oss-security&m=127411372529485&w=2", "http://www.debian.org/security/2010/dsa-2085", "https://bugzilla.redhat.com/show_bug.cgi?id=602836", "http://marc.info/?l=oss-security&m=127620248914170&w=2", "http://wiki.rpath.com/Advisories:rPSA-2010-0073", "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html", "http://www.ocert.org/advisories/ocert-2010-001.html", "http://marc.info/?l=oss-security&m=127432968701342&w=2", "http://www.securityfocus.com/archive/1/514499/100/0/threaded", "https://bugzilla.redhat.com/show_bug.cgi?id=591580", "http://lftp.yar.ru/news.html"], "description": "The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.", "edition": 2, "reporter": "NVD", "published": "2010-07-06T13:17:13", "title": "CVE-2010-2251", "type": "cve", "enchantments": {"score": {"modified": "2018-10-11T11:34:16", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-2251"], "scanner": [], "modified": "2018-10-10T15:59:26", "cpe": ["cpe:/a:alexander_v._lukyanov:lftp:3.0.3", "cpe:/a:alexander_v._lukyanov:lftp:2.0.5", "cpe:/a:alexander_v._lukyanov:lftp:3.2.0", "cpe:/a:alexander_v._lukyanov:lftp:2.4.9", "cpe:/a:alexander_v._lukyanov:lftp:2.1.4", "cpe:/a:alexander_v._lukyanov:lftp:2.3", "cpe:/a:alexander_v._lukyanov:lftp:3.7.9", "cpe:/a:alexander_v._lukyanov:lftp:3.0.10", "cpe:/a:alexander_v._lukyanov:lftp:3.6.0", "cpe:/a:alexander_v._lukyanov:lftp:2.3.1", "cpe:/a:alexander_v._lukyanov:lftp:2.1.0", "cpe:/a:alexander_v._lukyanov:lftp:4.0.0", "cpe:/a:alexander_v._lukyanov:lftp:3.7.3", "cpe:/a:alexander_v._lukyanov:lftp:2.1.7", "cpe:/a:alexander_v._lukyanov:lftp:3.4.7", "cpe:/a:alexander_v._lukyanov:lftp:2.4.0", "cpe:/a:alexander_v._lukyanov:lftp:3.3.2", "cpe:/a:alexander_v._lukyanov:lftp:2.1.9", "cpe:/a:alexander_v._lukyanov:lftp:2.1.5", "cpe:/a:alexander_v._lukyanov:lftp:2.2.6", "cpe:/a:alexander_v._lukyanov:lftp:2.6.0", "cpe:/a:alexander_v._lukyanov:lftp:3.5.14", "cpe:/a:alexander_v._lukyanov:lftp:3.5.5", "cpe:/a:alexander_v._lukyanov:lftp:3.0.8", "cpe:/a:alexander_v._lukyanov:lftp:3.5.7", "cpe:/a:alexander_v._lukyanov:lftp:2.2.5", "cpe:/a:alexander_v._lukyanov:lftp:3.7.14", "cpe:/a:alexander_v._lukyanov:lftp:3.0.11", "cpe:/a:alexander_v._lukyanov:lftp:2.1.10", "cpe:/a:alexander_v._lukyanov:lftp:2.3.4", "cpe:/a:alexander_v._lukyanov:lftp:3.1.0", "cpe:/a:alexander_v._lukyanov:lftp:3.2.1", "cpe:/a:alexander_v._lukyanov:lftp:3.6.3", "cpe:/a:alexander_v._lukyanov:lftp:3.7.2", "cpe:/a:alexander_v._lukyanov:lftp:2.4.10", "cpe:/a:alexander_v._lukyanov:lftp:3.5.8", "cpe:/a:alexander_v._lukyanov:lftp:2.1.8", "cpe:/a:alexander_v._lukyanov:lftp:2.5.3", "cpe:/a:alexander_v._lukyanov:lftp:2.3.5", "cpe:/a:alexander_v._lukyanov:lftp:2.6.4", "cpe:/a:alexander_v._lukyanov:lftp:3.7.1", "cpe:/a:alexander_v._lukyanov:lftp:3.7.4", "cpe:/a:alexander_v._lukyanov:lftp:3.7.7", "cpe:/a:alexander_v._lukyanov:lftp:2.3.7", "cpe:/a:alexander_v._lukyanov:lftp:3.5.11", "cpe:/a:alexander_v._lukyanov:lftp:2.1.1", "cpe:/a:alexander_v._lukyanov:lftp:2.3.6", "cpe:/a:alexander_v._lukyanov:lftp:3.4.1", "cpe:/a:alexander_v._lukyanov:lftp:3.0.2", "cpe:/a:alexander_v._lukyanov:lftp:2.3.3", "cpe:/a:alexander_v._lukyanov:lftp:3.1.1", "cpe:/a:alexander_v._lukyanov:lftp:2.6.10", "cpe:/a:alexander_v._lukyanov:lftp:2.0.3", "cpe:/a:alexander_v._lukyanov:lftp:3.4.4", "cpe:/a:alexander_v._lukyanov:lftp:3.3.5", "cpe:/a:alexander_v._lukyanov:lftp:3.6.2", "cpe:/a:alexander_v._lukyanov:lftp:2.6.8", "cpe:/a:alexander_v._lukyanov:lftp:3.1.2", "cpe:/a:alexander_v._lukyanov:lftp:2.2.4", "cpe:/a:alexander_v._lukyanov:lftp:3.7.12", "cpe:/a:alexander_v._lukyanov:lftp:3.0.4", "cpe:/a:alexander_v._lukyanov:lftp:3.1.3", "cpe:/a:alexander_v._lukyanov:lftp:3.5.0", "cpe:/a:alexander_v._lukyanov:lftp:2.0.0", "cpe:/a:alexander_v._lukyanov:lftp:3.3.1", "cpe:/a:alexander_v._lukyanov:lftp:3.4.5", "cpe:/a:alexander_v._lukyanov:lftp:3.5.13", "cpe:/a:alexander_v._lukyanov:lftp:3.7.11", "cpe:/a:alexander_v._lukyanov:lftp:2.4.2", "cpe:/a:alexander_v._lukyanov:lftp:2.4.3", "cpe:/a:alexander_v._lukyanov:lftp:3.5.6", "cpe:/a:alexander_v._lukyanov:lftp:2.6.6", "cpe:/a:alexander_v._lukyanov:lftp:2.0.4", "cpe:/a:alexander_v._lukyanov:lftp:2.6.7", "cpe:/a:alexander_v._lukyanov:lftp:3.0.7", "cpe:/a:alexander_v._lukyanov:lftp:3.5.3", "cpe:/a:alexander_v._lukyanov:lftp:4.0.5", "cpe:/a:alexander_v._lukyanov:lftp:2.3.9", "cpe:/a:alexander_v._lukyanov:lftp:2.4.6", "cpe:/a:alexander_v._lukyanov:lftp:2.0.2", "cpe:/a:alexander_v._lukyanov:lftp:3.7.6", "cpe:/a:alexander_v._lukyanov:lftp:2.4.1", "cpe:/a:alexander_v._lukyanov:lftp:2.1.3", "cpe:/a:alexander_v._lukyanov:lftp:2.1.6", "cpe:/a:alexander_v._lukyanov:lftp:2.6.11", "cpe:/a:alexander_v._lukyanov:lftp:3.7.0", "cpe:/a:alexander_v._lukyanov:lftp:3.0.5", "cpe:/a:alexander_v._lukyanov:lftp:2.5.2", "cpe:/a:alexander_v._lukyanov:lftp:3.5.1", "cpe:/a:alexander_v._lukyanov:lftp:3.0.13", "cpe:/a:alexander_v._lukyanov:lftp:3.5.10", "cpe:/a:alexander_v._lukyanov:lftp:4.0.4", "cpe:/a:alexander_v._lukyanov:lftp:3.5.2", "cpe:/a:alexander_v._lukyanov:lftp:3.3.3", "cpe:/a:alexander_v._lukyanov:lftp:3.4.0", "cpe:/a:alexander_v._lukyanov:lftp:3.7.5", "cpe:/a:alexander_v._lukyanov:lftp:2.3.11", "cpe:/a:alexander_v._lukyanov:lftp:2.3.2", "cpe:/a:alexander_v._lukyanov:lftp:3.0.12", "cpe:/a:alexander_v._lukyanov:lftp:3.4.6", "cpe:/a:alexander_v._lukyanov:lftp:2.5.4", "cpe:/a:alexander_v._lukyanov:lftp:2.5.1", "cpe:/a:alexander_v._lukyanov:lftp:2.6.9", "cpe:/a:alexander_v._lukyanov:lftp:2.6.2", "cpe:/a:alexander_v._lukyanov:lftp:2.6.5", "cpe:/a:alexander_v._lukyanov:lftp:2.1.2", "cpe:/a:alexander_v._lukyanov:lftp:4.0.3", "cpe:/a:alexander_v._lukyanov:lftp:2.3.10", "cpe:/a:alexander_v._lukyanov:lftp:3.5.12", "cpe:/a:alexander_v._lukyanov:lftp:2.3.0", "cpe:/a:alexander_v._lukyanov:lftp:2.5.0", "cpe:/a:alexander_v._lukyanov:lftp:2.2.0", "cpe:/a:alexander_v._lukyanov:lftp:2.6.1", "cpe:/a:alexander_v._lukyanov:lftp:2.0.1", "cpe:/a:alexander_v._lukyanov:lftp:3.0.6", "cpe:/a:alexander_v._lukyanov:lftp:4.0.2", "cpe:/a:alexander_v._lukyanov:lftp:3.0.0", "cpe:/a:alexander_v._lukyanov:lftp:3.7.8", "cpe:/a:alexander_v._lukyanov:lftp:3.7.10", "cpe:/a:alexander_v._lukyanov:lftp:3.5.4", "cpe:/a:alexander_v._lukyanov:lftp:3.6.1", "cpe:/a:alexander_v._lukyanov:lftp:3.7.13", "cpe:/a:alexander_v._lukyanov:lftp:2.6.12", "cpe:/a:alexander_v._lukyanov:lftp:2.3.8", "cpe:/a:alexander_v._lukyanov:lftp:3.5.9", "cpe:/a:alexander_v._lukyanov:lftp:2.4.7", "cpe:/a:alexander_v._lukyanov:lftp:2.2.0a", "cpe:/a:alexander_v._lukyanov:lftp:2.6.3", "cpe:/a:alexander_v._lukyanov:lftp:2.2.2", "cpe:/a:alexander_v._lukyanov:lftp:2.4.8", "cpe:/a:alexander_v._lukyanov:lftp:3.5.15", "cpe:/a:alexander_v._lukyanov:lftp:3.3.4", "cpe:/a:alexander_v._lukyanov:lftp:3.0.1", "cpe:/a:alexander_v._lukyanov:lftp:3.0.9", "cpe:/a:alexander_v._lukyanov:lftp:4.0.1", "cpe:/a:alexander_v._lukyanov:lftp:2.2.1", "cpe:/a:alexander_v._lukyanov:lftp:3.3.0", "cpe:/a:alexander_v._lukyanov:lftp:2.4.5", "cpe:/a:alexander_v._lukyanov:lftp:2.2.3", "cpe:/a:alexander_v._lukyanov:lftp:3.4.3", "cpe:/a:alexander_v._lukyanov:lftp:3.4.2", "cpe:/a:alexander_v._lukyanov:lftp:2.4.10a"], "id": "CVE-2010-2251", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2251", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:09:56", "references": [], "pluginID": "67996", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-10-10T00:00:00", "title": "FreeBSD Ports: lftp", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2017-02-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67996", "id": "OPENVAS:67996", "sourceData": "#\n#VID 29b7e3f4-b6a9-11df-ae63-f255a795cb21\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 29b7e3f4-b6a9-11df-ae63-f255a795cb21\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: lftp\n\nCVE-2010-2251\nThe get1 command, as used by lftpget, in LFTP before 4.0.6 does not\nproperly validate a server-provided filename before determining the\ndestination filename of a download, which allows remote servers to\ncreate or overwrite arbitrary files via a Content-Disposition header\nthat suggests a crafted filename, and possibly execute arbitrary code\nas a consequence of writing to a dotfile in a home directory.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=591580\nhttp://www.vuxml.org/freebsd/29b7e3f4-b6a9-11df-ae63-f255a795cb21.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67996);\n script_version(\"$Revision: 5245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-09 09:57:08 +0100 (Thu, 09 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-10 19:35:00 +0200 (Sun, 10 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2251\");\n script_name(\"FreeBSD Ports: lftp\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"lftp\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.0.6\")<0) {\n txt += 'Package lftp version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:05:55", "references": ["https://www.redhat.com/archives/rhsa-announce/2010-August/msg00005.html", "2010:0585-01"], "pluginID": "1361412562310870306", "description": "Check for the Version of lftp", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-08-06T00:00:00", "title": "RedHat Update for lftp RHSA-2010:0585-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-01-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870306", "id": "OPENVAS:1361412562310870306", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for lftp RHSA-2010:0585-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"LFTP is a sophisticated file transfer program for the FTP and HTTP\n protocols. Like Bash, it has job control and uses the Readline library for\n input. It has bookmarks, built-in mirroring, and can transfer several files\n in parallel. It is designed with reliability in mind.\n\n It was discovered that lftp trusted the file name provided in the\n Content-Disposition HTTP header. A malicious HTTP server could use this\n flaw to write or overwrite files in the current working directory of a\n victim running lftp, by sending a different file from what the victim\n requested. (CVE-2010-2251)\n \n To correct this flaw, the following changes were made to lftp: the\n "xfer:clobber" option now defaults to "no", causing lftp to not overwrite\n existing files, and a new option, "xfer:auto-rename", which defaults to\n "no", has been introduced to control whether lftp should use\n server-suggested file names. Refer to the "Settings" section of the lftp(1)\n manual page for additional details on changing lftp settings.\n \n All lftp users should upgrade to this updated package, which contains a\n backported patch to correct this issue.\";\n\ntag_affected = \"lftp on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00005.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870306\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0585-01\");\n script_cve_id(\"CVE-2010-2251\");\n script_name(\"RedHat Update for lftp RHSA-2010:0585-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of lftp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"lftp\", rpm:\"lftp~3.7.11~4.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lftp-debuginfo\", rpm:\"lftp-debuginfo~3.7.11~4.el5_5.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:41", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html", "2010-9819"], "pluginID": "1361412562310862209", "description": "Check for the Version of lftp", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-02T00:00:00", "title": "Fedora Update for lftp FEDORA-2010-9819", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2017-12-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862209", "id": "OPENVAS:1361412562310862209", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lftp FEDORA-2010-9819\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"lftp on Fedora 12\";\ntag_insight = \"LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job\n control and uses the readline library for input. It has bookmarks, built-in\n mirroring, and can transfer several files in parallel. It is designed with\n reliability in mind.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862209\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-02 14:26:21 +0200 (Fri, 02 Jul 2010)\");\n script_xref(name: \"FEDORA\", value: \"2010-9819\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2251\");\n script_name(\"Fedora Update for lftp FEDORA-2010-9819\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of lftp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"lftp\", rpm:\"lftp~4.0.8~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:04:57", "references": [], "pluginID": "136141256231067840", "description": "The remote host is missing an update to lftp\nannounced via advisory DSA 2085-1.", "edition": 1, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-08-21T00:00:00", "title": "Debian Security Advisory DSA 2085-1 (lftp)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-01-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067840", "id": "OPENVAS:136141256231067840", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2085_1.nasl 8287 2018-01-04 07:28:11Z teissa $\n# Description: Auto-generated from advisory DSA 2085-1 (lftp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that in lftp, a command-line HTTP/FTP client, there is\nno proper validation of the filename provided by the server through the\nContent-Disposition header; attackers can use this flaw by suggesting a\nfilename they wish to overwrite on the client machine, and then possibly\nexecute arbitrary code (for instance if the attacker elects to write a\ndotfile in a home directory).\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.7.3-1+lenny1.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 4.0.6-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.0.6-1.\n\nWe recommend that you upgrade your lftp packages.\";\ntag_summary = \"The remote host is missing an update to lftp\nannounced via advisory DSA 2085-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202085-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67840\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-21 08:54:16 +0200 (Sat, 21 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2251\");\n script_name(\"Debian Security Advisory DSA 2085-1 (lftp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lftp\", ver:\"3.7.3-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:05:32", "references": ["2010:128", "http://lists.mandriva.com/security-announce/2010-04/msg00038.php"], "pluginID": "1361412562310831001", "description": "Check for the Version of epiphany", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-04-29T00:00:00", "title": "Mandriva Update for epiphany MDVA-2010:128 (epiphany)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-01-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831001", "id": "OPENVAS:1361412562310831001", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for epiphany MDVA-2010:128 (epiphany)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that epiphany stopped working correctly on Mandriva\n Linux 2009.0 and 2009.1 with latest xulrunner. This update addresses\n this problem.\n\n Packages for 2009.0 are provided due to the Extended Maintenance\n Program.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"epiphany on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00038.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831001\");\n script_version(\"$Revision: 8528 $\");\n script_cve_id(\"CVE-2010-2251\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 13:13:58 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:128\");\n script_name(\"Mandriva Update for epiphany MDVA-2010:128 (epiphany)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of epiphany\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.26.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.26.3~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.3~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:52", "references": ["http://lists.centos.org/pipermail/centos-announce/2010-August/016860.html", "2010:0585"], "pluginID": "1361412562310880589", "description": "Check for the Version of lftp", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "title": "CentOS Update for lftp CESA-2010:0585 centos5 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880589", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880589", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for lftp CESA-2010:0585 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"LFTP is a sophisticated file transfer program for the FTP and HTTP\n protocols. Like Bash, it has job control and uses the Readline library for\n input. It has bookmarks, built-in mirroring, and can transfer several files\n in parallel. It is designed with reliability in mind.\n\n It was discovered that lftp trusted the file name provided in the\n Content-Disposition HTTP header. A malicious HTTP server could use this\n flaw to write or overwrite files in the current working directory of a\n victim running lftp, by sending a different file from what the victim\n requested. (CVE-2010-2251)\n \n To correct this flaw, the following changes were made to lftp: the\n "xfer:clobber" option now defaults to "no", causing lftp to not overwrite\n existing files, and a new option, "xfer:auto-rename", which defaults to\n "no", has been introduced to control whether lftp should use\n server-suggested file names. Refer to the "Settings" section of the lftp(1)\n manual page for additional details on changing lftp settings.\n \n All lftp users should upgrade to this updated package, which contains a\n backported patch to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"lftp on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016860.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880589\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0585\");\n script_cve_id(\"CVE-2010-2251\");\n script_name(\"CentOS Update for lftp CESA-2010:0585 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of lftp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"lftp\", rpm:\"lftp~3.7.11~4.el5_5.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:34", "references": ["http://linux.oracle.com/errata/ELSA-2010-0585.html"], "pluginID": "1361412562310122336", "description": "Oracle Linux Local Security Checks ELSA-2010-0585", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2010-0585", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0585.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122336\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:01 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0585\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0585 - lftp security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0585\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0585.html\");\n script_cve_id(\"CVE-2010-2251\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"lftp\", rpm:\"lftp~3.7.11~4.el5_5.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:18:13", "references": ["http://www.ubuntu.com/usn/usn-984-1/", "984-1"], "pluginID": "840494", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-984-1", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-09-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "Ubuntu Update for lftp vulnerability USN-984-1", "type": "openvas", "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840494", "id": "OPENVAS:840494", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_984_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for lftp vulnerability USN-984-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that LFTP incorrectly filtered filenames suggested\n by Content-Disposition headers. If a user or automated system were tricked\n into downloading a file from a malicious site, a remote attacker could\n create the file with an arbitrary name, such as a dotfile, and possibly run\n arbitrary code.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-984-1\";\ntag_affected = \"lftp vulnerability on Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-984-1/\");\n script_id(840494);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"984-1\");\n script_cve_id(\"CVE-2010-2251\");\n script_name(\"Ubuntu Update for lftp vulnerability USN-984-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lftp\", ver:\"3.7.15-1ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lftp\", ver:\"4.0.2-1ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lftp\", ver:\"3.7.8-1ubuntu0.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lftp\", ver:\"3.6.1-1ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:12", "references": ["http://www.ubuntu.com/usn/usn-984-1/", "984-1"], "pluginID": "1361412562310840494", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-984-1", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-09-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for lftp vulnerability USN-984-1", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2017-12-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840494", "id": "OPENVAS:1361412562310840494", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_984_1.nasl 8187 2017-12-20 07:30:09Z teissa $\n#\n# Ubuntu Update for lftp vulnerability USN-984-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that LFTP incorrectly filtered filenames suggested\n by Content-Disposition headers. If a user or automated system were tricked\n into downloading a file from a malicious site, a remote attacker could\n create the file with an arbitrary name, such as a dotfile, and possibly run\n arbitrary code.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-984-1\";\ntag_affected = \"lftp vulnerability on Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-984-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840494\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"984-1\");\n script_cve_id(\"CVE-2010-2251\");\n script_name(\"Ubuntu Update for lftp vulnerability USN-984-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lftp\", ver:\"3.7.15-1ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lftp\", ver:\"4.0.2-1ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lftp\", ver:\"3.7.8-1ubuntu0.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lftp\", ver:\"3.6.1-1ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:04:58", "references": ["2010:128-1", "http://lists.mandriva.com/security-announce/2010-04/msg00039.php"], "pluginID": "1361412562310830998", "description": "Check for the Version of epiphany", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-04-29T00:00:00", "title": "Mandriva Update for epiphany MDVA-2010:128-1 (epiphany)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830998", "id": "OPENVAS:1361412562310830998", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for epiphany MDVA-2010:128-1 (epiphany)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that epiphany stopped working correctly on Mandriva\n Linux 2009.0 and 2009.1 with latest xulrunner. This update addresses\n this problem.\n\n Packages for 2009.0 are provided due to the Extended Maintenance\n Program.\n \n Update:\n \n The packages for Mandriva Linux 2009.0 had the wrong release number\n which prevented an upgrade. The update packages addresses the problem.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"epiphany on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00039.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830998\");\n script_version(\"$Revision: 8447 $\");\n script_cve_id(\"CVE-2010-2251\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 13:13:58 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:128-1\");\n script_name(\"Mandriva Update for epiphany MDVA-2010:128-1 (epiphany)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of epiphany\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"epiphany\", rpm:\"epiphany~2.24.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"epiphany-devel\", rpm:\"epiphany-devel~2.24.3~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:37", "references": ["https://vulners.com/securityvulns/securityvulns:doc:24191"], "description": "Downloaded file name in lftpget may be set by server without user confirmation.", "edition": 1, "reporter": "BUGTRAQ", "published": "2010-07-08T00:00:00", "title": "lftp file overwrite", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:37", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "lftp", "version": "4.0", "operator": "eq"}], "cvelist": ["CVE-2010-2251"], "modified": "2010-07-08T00:00:00", "id": "SECURITYVULNS:VULN:10979", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10979", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:35", "references": [], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:128\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : lftp\r\n Date : July 6, 2010\r\n Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been found and corrected in lftp:\r\n \r\n The get1 command, as used by lftpget, in LFTP before 4.0.6 does not\r\n properly validate a server-provided filename before determining the\r\n destination filename of a download, which allows remote servers to\r\n create or overwrite arbitrary files via a Content-Disposition header\r\n that suggests a crafted filename, and possibly execute arbitrary\r\n code as a consequence of writing to a dotfile in a home directory\r\n (CVE-2010-2251).\r\n \r\n Packages for 2008.0 and 2009.0 are provided as of the Extended\r\n Maintenance Program. Please visit this link to learn more:\r\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\r\n \r\n Additionally on 2008.0 lftp has been upgraded to 3.7.4.\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2251\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 70002b25ea687e18daaf1d2d650d2311 2008.0/i586/lftp-3.7.4-0.1mdv2008.0.i586.rpm\r\n 267d114587a3bb33a1924eafa2e53681 2008.0/i586/liblftp0-3.7.4-0.1mdv2008.0.i586.rpm\r\n 670405b305aa03dcbe2c340a2813e2bd 2008.0/i586/liblftp-devel-3.7.4-0.1mdv2008.0.i586.rpm \r\n 4a37f82002ea3042d5f66562dad92837 2008.0/SRPMS/lftp-3.7.4-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n e53191e7cc41c58982deddf3e7e628ce 2008.0/x86_64/lftp-3.7.4-0.1mdv2008.0.x86_64.rpm\r\n d518833d3ea17bde4a77b388c20ee262 2008.0/x86_64/lib64lftp0-3.7.4-0.1mdv2008.0.x86_64.rpm\r\n 2c88562a368ccdf00841d4e044c8f012 2008.0/x86_64/lib64lftp-devel-3.7.4-0.1mdv2008.0.x86_64.rpm \r\n 4a37f82002ea3042d5f66562dad92837 2008.0/SRPMS/lftp-3.7.4-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n a04887286756ecf0218e67981098ee00 2009.0/i586/lftp-3.7.4-1.1mdv2009.0.i586.rpm\r\n 2c9165b6386ed899758a2ea404a9385d 2009.0/i586/liblftp0-3.7.4-1.1mdv2009.0.i586.rpm\r\n 8c86068b9e839b47a93c23541456b3cc 2009.0/i586/liblftp-devel-3.7.4-1.1mdv2009.0.i586.rpm \r\n 187fb4a21859de94bf111fdb21f22c4c 2009.0/SRPMS/lftp-3.7.4-1.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 18e95b0f96e05c4f4d08ff7ff0ec29b0 2009.0/x86_64/lftp-3.7.4-1.1mdv2009.0.x86_64.rpm\r\n 0b53aff2ff5bd9fb9cf36dfdedd3c582 2009.0/x86_64/lib64lftp0-3.7.4-1.1mdv2009.0.x86_64.rpm\r\n e6461691120dadda1f414a1611e4ece0 2009.0/x86_64/lib64lftp-devel-3.7.4-1.1mdv2009.0.x86_64.rpm \r\n 187fb4a21859de94bf111fdb21f22c4c 2009.0/SRPMS/lftp-3.7.4-1.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n d9069ed3bb5e11948564e280565f0768 2009.1/i586/lftp-3.7.9-1.1mdv2009.1.i586.rpm\r\n 80a0214dcea80af012c07eea76c4e5c7 2009.1/i586/liblftp0-3.7.9-1.1mdv2009.1.i586.rpm\r\n a5c2a6e01c53d6dd1d990bcdbeb1c68c 2009.1/i586/liblftp-devel-3.7.9-1.1mdv2009.1.i586.rpm \r\n 2e8cab06f3d9a82ea69ad764e189bb4a 2009.1/SRPMS/lftp-3.7.9-1.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 97657f39c592d50f47c8f65df94a2e19 2009.1/x86_64/lftp-3.7.9-1.1mdv2009.1.x86_64.rpm\r\n e029a26bf63f859393b05ad8be3121c4 2009.1/x86_64/lib64lftp0-3.7.9-1.1mdv2009.1.x86_64.rpm\r\n 374fe6c5118959366aa568861e868b49 2009.1/x86_64/lib64lftp-devel-3.7.9-1.1mdv2009.1.x86_64.rpm \r\n 2e8cab06f3d9a82ea69ad764e189bb4a 2009.1/SRPMS/lftp-3.7.9-1.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 7e40d6fed798df5e6e2ad91f0518f1fe 2010.0/i586/lftp-3.7.15-1.1mdv2010.0.i586.rpm\r\n a0f2d233784d358a9b908650e69c2ccc 2010.0/i586/liblftp0-3.7.15-1.1mdv2010.0.i586.rpm\r\n 217d90aadfc3344ec3cdc0dedb97e819 2010.0/i586/liblftp-devel-3.7.15-1.1mdv2010.0.i586.rpm \r\n 862ebfc437fcbc900662366f93df5d70 2010.0/SRPMS/lftp-3.7.15-1.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 54b1fec82936e06338906db09b49a8a6 2010.0/x86_64/lftp-3.7.15-1.1mdv2010.0.x86_64.rpm\r\n 17598246912347e614013f002338365d 2010.0/x86_64/lib64lftp0-3.7.15-1.1mdv2010.0.x86_64.rpm\r\n aa6338f3dd92dbc7adf3ae978db61a5b 2010.0/x86_64/lib64lftp-devel-3.7.15-1.1mdv2010.0.x86_64.rpm \r\n 862ebfc437fcbc900662366f93df5d70 2010.0/SRPMS/lftp-3.7.15-1.1mdv2010.0.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n e0fe03efa978c234e8365fe9ab08ad9c mes5/i586/lftp-3.7.4-1.1mdvmes5.1.i586.rpm\r\n 1c57f9608cbd607bda8bf55bc76600d9 mes5/i586/liblftp0-3.7.4-1.1mdvmes5.1.i586.rpm\r\n dff1c808bb1cfa0b0e067e6c41b3db03 mes5/i586/liblftp-devel-3.7.4-1.1mdvmes5.1.i586.rpm \r\n 5d46343519e5e1a495ed1d7980527dd6 mes5/SRPMS/lftp-3.7.4-1.1mdvmes5.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n aa0674de92d88ea5520e6c86e77fa3e6 mes5/x86_64/lftp-3.7.4-1.1mdvmes5.1.x86_64.rpm\r\n c415d4ff0363c8c264de64f019e988b0 mes5/x86_64/lib64lftp0-3.7.4-1.1mdvmes5.1.x86_64.rpm\r\n 26f7432fb7542a7f0eaecea1b947e47d mes5/x86_64/lib64lftp-devel-3.7.4-1.1mdvmes5.1.x86_64.rpm \r\n 5d46343519e5e1a495ed1d7980527dd6 mes5/SRPMS/lftp-3.7.4-1.1mdvmes5.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFMM3CamqjQ0CJFipgRAhmWAJ4oI1aCNDTCOkdPPcQ/ZyV0lNC5VQCfQW/x\r\n/dxwGaJe13c82YdTpx3eRJI=\r\n=KOVM\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2010-07-08T00:00:00", "title": "[ MDVSA-2010:128 ] lftp", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:35", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-2251"], "modified": "2010-07-08T00:00:00", "id": "SECURITYVULNS:DOC:24191", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24191", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-02T00:02:05", "references": [], "pluginID": "48190", "description": "A vulnerability has been found and corrected in lftp :\n\nThe get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory (CVE-2010-2251).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4 90\n\nAdditionally on 2008.0 lftp has been upgraded to 3.7.4.\n\nThe updated packages have been patched to correct this issue.", "edition": 5, "reporter": "Tenable", "published": "2010-07-30T00:00:00", "title": "Mandriva Linux Security Advisory : lftp (MDVSA-2010:128)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lftp", "p-cpe:/a:mandriva:linux:liblftp-devel", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:liblftp0", "p-cpe:/a:mandriva:linux:lib64lftp-devel", "p-cpe:/a:mandriva:linux:lib64lftp0"], "id": "MANDRIVA_MDVSA-2010-128.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48190", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:128. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48190);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2010-2251\");\n script_xref(name:\"MDVSA\", value:\"2010:128\");\n\n script_name(english:\"Mandriva Linux Security Advisory : lftp (MDVSA-2010:128)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in lftp :\n\nThe get1 command, as used by lftpget, in LFTP before 4.0.6 does not\nproperly validate a server-provided filename before determining the\ndestination filename of a download, which allows remote servers to\ncreate or overwrite arbitrary files via a Content-Disposition header\nthat suggests a crafted filename, and possibly execute arbitrary code\nas a consequence of writing to a dotfile in a home directory\n(CVE-2010-2251).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended\nMaintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nAdditionally on 2008.0 lftp has been upgraded to 3.7.4.\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64lftp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64lftp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:liblftp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:liblftp0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"lftp-3.7.4-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64lftp-devel-3.7.4-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64lftp0-3.7.4-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"liblftp-devel-3.7.4-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"liblftp0-3.7.4-0.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"lftp-3.7.4-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64lftp-devel-3.7.4-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64lftp0-3.7.4-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"liblftp-devel-3.7.4-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"liblftp0-3.7.4-1.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"lftp-3.7.9-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64lftp-devel-3.7.9-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64lftp0-3.7.9-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"liblftp-devel-3.7.9-1.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"liblftp0-3.7.9-1.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"lftp-3.7.15-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64lftp-devel-3.7.15-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64lftp0-3.7.15-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"liblftp-devel-3.7.15-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"liblftp0-3.7.15-1.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:52:08", "references": ["http://www.nessus.org/u?2bbf6354", "https://bugzilla.redhat.com/show_bug.cgi?id=591580"], "pluginID": "49108", "description": "The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.", "edition": 5, "reporter": "Tenable", "published": "2010-09-04T00:00:00", "title": "FreeBSD : lftp -- multiple HTTP client download filename vulnerability (29b7e3f4-b6a9-11df-ae63-f255a795cb21)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:lftp", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_29B7E3F4B6A911DFAE63F255A795CB21.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49108", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49108);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:42\");\n\n script_cve_id(\"CVE-2010-2251\");\n\n script_name(english:\"FreeBSD : lftp -- multiple HTTP client download filename vulnerability (29b7e3f4-b6a9-11df-ae63-f255a795cb21)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The get1 command, as used by lftpget, in LFTP before 4.0.6 does not\nproperly validate a server-provided filename before determining the\ndestination filename of a download, which allows remote servers to\ncreate or overwrite arbitrary files via a Content-Disposition header\nthat suggests a crafted filename, and possibly execute arbitrary code\nas a consequence of writing to a dotfile in a home directory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=591580\"\n );\n # https://vuxml.freebsd.org/freebsd/29b7e3f4-b6a9-11df-ae63-f255a795cb21.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2bbf6354\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lftp<4.0.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:39", "references": ["http://www.nessus.org/u?7e4ea901", "https://bugzilla.redhat.com/show_bug.cgi?id=591580"], "pluginID": "47566", "description": "CVE-2010-2251 lftp: multiple HTTP client download filename vulnerability\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : lftp-4.0.8-1.fc12 (2010-9819)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:lftp", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-9819.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47566", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-9819.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47566);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2010-2251\");\n script_xref(name:\"FEDORA\", value:\"2010-9819\");\n\n script_name(english:\"Fedora 12 : lftp-4.0.8-1.fc12 (2010-9819)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2010-2251 lftp: multiple HTTP client download filename\nvulnerability\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=591580\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e4ea901\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"lftp-4.0.8-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lftp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:53:48", "references": ["https://lists.opensuse.org/opensuse-updates/2010-06/msg00006.html", "https://bugzilla.novell.com/show_bug.cgi?id=606319"], "pluginID": "47121", "description": "This update of lftp improves the filename handling of downloaded files to avoid downloading arbitrary content to unexpected locations (like .login). (CVE-2010-2251)", "edition": 5, "reporter": "Tenable", "published": "2010-06-23T00:00:00", "title": "openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:lftp"], "id": "SUSE_11_1_LFTP-100610.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47121", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lftp-2534.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47121);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2010-2251\");\n\n script_name(english:\"openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)\");\n script_summary(english:\"Check for the lftp-2534 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of lftp improves the filename handling of downloaded files\nto avoid downloading arbitrary content to unexpected locations (like\n.login). (CVE-2010-2251)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=606319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-06/msg00006.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"lftp-3.6.3-5.68.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lftp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-29T19:16:29", "references": ["https://access.redhat.com/errata/RHSA-2010:0585", "https://access.redhat.com/security/cve/cve-2010-2251"], "pluginID": "48232", "description": "An updated lftp package that fixes one security issue is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nLFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.", "edition": 7, "reporter": "Tenable", "published": "2010-08-03T00:00:00", "title": "RHEL 5 : lftp (RHSA-2010:0585)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-11-28T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:lftp"], "id": "REDHAT-RHSA-2010-0585.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48232", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0585. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48232);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/11/28 11:42:04\");\n\n script_cve_id(\"CVE-2010-2251\");\n script_bugtraq_id(43728);\n script_xref(name:\"RHSA\", value:\"2010:0585\");\n\n script_name(english:\"RHEL 5 : lftp (RHSA-2010:0585)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated lftp package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nLFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library\nfor input. It has bookmarks, built-in mirroring, and can transfer\nseveral files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use\nthis flaw to write or overwrite files in the current working directory\nof a victim running lftp, by sending a different file from what the\nvictim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n'xfer:clobber' option now defaults to 'no', causing lftp to not\noverwrite existing files, and a new option, 'xfer:auto-rename', which\ndefaults to 'no', has been introduced to control whether lftp should\nuse server-suggested file names. Refer to the 'Settings' section of\nthe lftp(1) manual page for additional details on changing lftp\nsettings.\n\nAll lftp users should upgrade to this updated package, which contains\na backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0585\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0585\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"lftp-3.7.11-4.el5_5.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"lftp-3.7.11-4.el5_5.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"lftp-3.7.11-4.el5_5.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lftp\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:53:48", "references": ["https://lists.opensuse.org/opensuse-updates/2010-06/msg00006.html", "https://bugzilla.novell.com/show_bug.cgi?id=606319"], "pluginID": "47120", "description": "This update of lftp improves the filename handling of downloaded files to avoid downloading arbitrary content to unexpected locations (like .login). (CVE-2010-2251)", "edition": 5, "reporter": "Tenable", "published": "2010-06-23T00:00:00", "title": "openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:lftp"], "id": "SUSE_11_0_LFTP-100610.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lftp-2534.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47120);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:58\");\n\n script_cve_id(\"CVE-2010-2251\");\n\n script_name(english:\"openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)\");\n script_summary(english:\"Check for the lftp-2534 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of lftp improves the filename handling of downloaded files\nto avoid downloading arbitrary content to unexpected locations (like\n.login). (CVE-2010-2251)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=606319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-06/msg00006.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"lftp-3.6.3-28.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lftp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-24T07:24:14", "references": ["https://usn.ubuntu.com/984-1/"], "pluginID": "49141", "description": "It was discovered that LFTP incorrectly filtered filenames suggested by Content-Disposition headers. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, such as a dotfile, and possibly run arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2010-09-08T00:00:00", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : lftp vulnerability (USN-984-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-11-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:lftp", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-984-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49141", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-984-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49141);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/23 12:49:58\");\n\n script_cve_id(\"CVE-2010-2251\");\n script_xref(name:\"USN\", value:\"984-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : lftp vulnerability (USN-984-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that LFTP incorrectly filtered filenames suggested\nby Content-Disposition headers. If a user or automated system were\ntricked into downloading a file from a malicious site, a remote\nattacker could create the file with an arbitrary name, such as a\ndotfile, and possibly run arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/984-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"lftp\", pkgver:\"3.6.1-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"lftp\", pkgver:\"3.7.8-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"lftp\", pkgver:\"3.7.15-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"lftp\", pkgver:\"4.0.2-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lftp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-11T13:08:45", "references": ["http://www.nessus.org/u?dfd7fb5c", "http://www.nessus.org/u?ce55cd92"], "pluginID": "48219", "description": "An updated lftp package that fixes one security issue is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nLFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.", "edition": 6, "reporter": "Tenable", "published": "2010-08-03T00:00:00", "title": "CentOS 5 : lftp (CESA-2010:0585)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:lftp"], "id": "CENTOS_RHSA-2010-0585.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48219", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0585 and \n# CentOS Errata and Security Advisory 2010:0585 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48219);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2010-2251\");\n script_bugtraq_id(43728);\n script_xref(name:\"RHSA\", value:\"2010:0585\");\n\n script_name(english:\"CentOS 5 : lftp (CESA-2010:0585)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated lftp package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nLFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library\nfor input. It has bookmarks, built-in mirroring, and can transfer\nseveral files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use\nthis flaw to write or overwrite files in the current working directory\nof a victim running lftp, by sending a different file from what the\nvictim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n'xfer:clobber' option now defaults to 'no', causing lftp to not\noverwrite existing files, and a new option, 'xfer:auto-rename', which\ndefaults to 'no', has been introduced to control whether lftp should\nuse server-suggested file names. Refer to the 'Settings' section of\nthe lftp(1) manual page for additional details on changing lftp\nsettings.\n\nAll lftp users should upgrade to this updated package, which contains\na backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016860.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce55cd92\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016861.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfd7fb5c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"lftp-3.7.11-4.el5_5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:38:15", "references": ["https://oss.oracle.com/pipermail/el-errata/2010-August/001576.html"], "pluginID": "68077", "description": "From Red Hat Security Advisory 2010:0585 :\n\nAn updated lftp package that fixes one security issue is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nLFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.", "edition": 4, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : lftp (ELSA-2010-0585)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2015-12-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:lftp"], "id": "ORACLELINUX_ELSA-2010-0585.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68077", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0585 and \n# Oracle Linux Security Advisory ELSA-2010-0585 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68077);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:49:14 $\");\n\n script_cve_id(\"CVE-2010-2251\");\n script_bugtraq_id(43728);\n script_xref(name:\"RHSA\", value:\"2010:0585\");\n\n script_name(english:\"Oracle Linux 5 : lftp (ELSA-2010-0585)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0585 :\n\nAn updated lftp package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nLFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library\nfor input. It has bookmarks, built-in mirroring, and can transfer\nseveral files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use\nthis flaw to write or overwrite files in the current working directory\nof a victim running lftp, by sending a different file from what the\nvictim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n'xfer:clobber' option now defaults to 'no', causing lftp to not\noverwrite existing files, and a new option, 'xfer:auto-rename', which\ndefaults to 'no', has been introduced to control whether lftp should\nuse server-suggested file names. Refer to the 'Settings' section of\nthe lftp(1) manual page for additional details on changing lftp\nsettings.\n\nAll lftp users should upgrade to this updated package, which contains\na backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001576.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"lftp-3.7.11-4.el5_5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lftp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-11T12:39:30", "references": ["https://www.debian.org/security/2010/dsa-2085"], "pluginID": "48247", "description": "It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute arbitrary code (for instance if the attacker elects to write a dotfile in a home directory).", "edition": 6, "reporter": "Tenable", "published": "2010-08-05T00:00:00", "title": "Debian DSA-2085-1 : lftp - missing input validation", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2251"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:lftp", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2085.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48247", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2085. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48247);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2010-2251\");\n script_bugtraq_id(43728);\n script_xref(name:\"DSA\", value:\"2085\");\n\n script_name(english:\"Debian DSA-2085-1 : lftp - missing input validation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that in lftp, a command-line HTTP/FTP client, there\nis no proper validation of the filename provided by the server through\nthe Content-Disposition header; attackers can use this flaw by\nsuggesting a filename they wish to overwrite on the client machine,\nand then possibly execute arbitrary code (for instance if the attacker\nelects to write a dotfile in a home directory).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2085\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lftp packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.7.3-1+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"lftp\", reference:\"3.7.3-1+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:15:02", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "5", "packageVersion": "3.7.3-1+lenny1", "arch": "all", "packageFilename": "lftp_3.7.3-1+lenny1_all.deb", "packageName": "lftp", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2085-1 security@debian.org\nhttp://www.debian.org/security/ Sebastien Delafond\nAugust 03, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : lftp\nVulnerability : missing input validation\nProblem type : remote (local)\nDebian-specific: no\nCVE Id : CVE-2010-2251\n\nIt was discovered that in lftp, a command-line HTTP/FTP client, there is\nno proper validation of the filename provided by the server through the\nContent-Disposition header; attackers can use this flaw by suggesting a\nfilename they wish to overwrite on the client machine, and then possibly\nexecute arbitrary code (for instance if the attacker elects to write a\ndotfile in a home directory).\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.7.3-1+lenny1.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 4.0.6-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.0.6-1.\n\nWe recommend that you upgrade your lftp packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1.dsc\n Size/MD5 checksum: 1059 64112d74da53a2b3fc9336618115e1eb\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1.diff.gz\n Size/MD5 checksum: 13674 09040587c1e33a732682d425a3627da2\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3.orig.tar.gz\n Size/MD5 checksum: 1844300 576a7b1249038ba761325671dd2eba26\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_alpha.deb\n Size/MD5 checksum: 711424 91c615f46c5dc48adc6dd45d20076b9a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_amd64.deb\n Size/MD5 checksum: 656172 15b40a343fecd7984b95e32dcda6eeed\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_arm.deb\n Size/MD5 checksum: 574538 63404d61be53f9d459ee8171e027b9c2\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_armel.deb\n Size/MD5 checksum: 581470 7d80d23b595a9a087c76b6bcdf83e285\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_hppa.deb\n Size/MD5 checksum: 671790 1cebd061da662b9cf2479eeea5c8f9a1\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_i386.deb\n Size/MD5 checksum: 586716 e86f9d7ae3e182c90f85b1f92924ba1c\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_ia64.deb\n Size/MD5 checksum: 877390 ae790318fc5101487f6871bc108ae091\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_mips.deb\n Size/MD5 checksum: 649034 334ee6e763e7de4c1efd7b55875e1d04\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_mipsel.deb\n Size/MD5 checksum: 647518 409d0d333d2370f7003ff54a4a11cab3\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_powerpc.deb\n Size/MD5 checksum: 613568 9bd37572fc37a038c5f17bb626a72634\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_s390.deb\n Size/MD5 checksum: 633538 e7b2bd269c910bd39c6cd924b62b4059\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_sparc.deb\n Size/MD5 checksum: 585096 85f9f06f175d544e0ac380a29e2e00e3\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2010-08-03T17:44:53", "title": "[SECURITY] [DSA 2085-1] New lftp packages fix file overwrite vulnerability", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:15:02", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-2251"], "modified": "2010-08-03T17:44:53", "id": "DEBIAN:DSA-2085-1:7E91D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00130.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:35", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0585.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "packageFilename": "lftp-3.7.11-4.el5_5.3.x86_64.rpm", "packageName": "lftp", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "packageFilename": "lftp-3.7.11-4.el5_5.3.src.rpm", "packageName": "lftp", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "packageFilename": "lftp-3.7.11-4.el5_5.3.src.rpm", "packageName": "lftp", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "packageFilename": "lftp-3.7.11-4.el5_5.3.i386.rpm", "packageName": "lftp", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0585\n\n\nLFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library for\ninput. It has bookmarks, built-in mirroring, and can transfer several files\nin parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use this\nflaw to write or overwrite files in the current working directory of a\nvictim running lftp, by sending a different file from what the victim\nrequested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n\"xfer:clobber\" option now defaults to \"no\", causing lftp to not overwrite\nexisting files, and a new option, \"xfer:auto-rename\", which defaults to\n\"no\", has been introduced to control whether lftp should use\nserver-suggested file names. Refer to the \"Settings\" section of the lftp(1)\nmanual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a\nbackported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016860.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016861.html\n\n**Affected packages:**\nlftp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0585.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-08-02T20:39:46", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "lftp security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2251"], "modified": "2010-08-02T20:39:46", "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/016860.html", "id": "CESA-2010:0585", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:48:51", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "ia64", "packageFilename": "lftp-3.7.11-4.el5_5.3.ia64.rpm", "packageName": "lftp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "i386", "packageFilename": "lftp-3.7.11-4.el5_5.3.i386.rpm", "packageName": "lftp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "src", "packageFilename": "lftp-3.7.11-4.el5_5.3.src.rpm", "packageName": "lftp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "src", "packageFilename": "lftp-3.7.11-4.el5_5.3.src.rpm", "packageName": "lftp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "src", "packageFilename": "lftp-3.7.11-4.el5_5.3.src.rpm", "packageName": "lftp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "x86_64", "packageFilename": "lftp-3.7.11-4.el5_5.3.x86_64.rpm", "packageName": "lftp", "operator": "lt"}], "description": "[3.7.11-4.el5_5.3]\n- Related: CVE-2010-2251 - document change of xfer:clobber default\n value in manpage, respect xfer:clobber on with xfer:auto-rename on\n (old behaviour)\n[3.7.11-4.el5_5.2]\n- Related: CVE-2010-2251 - describe new option xfer:auto-rename\n which could restore old behaviour in manpage\n[3.7.11-4.el5_5.1]\n- Resolves: CVE-2010-2251 - multiple HTTP client download filename\n vulnerability (#617870) ", "edition": 3, "reporter": "Oracle", "published": "2010-08-02T00:00:00", "title": "lftp security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-2251"], "modified": "2010-08-02T00:00:00", "id": "ELSA-2010-0585", "href": "http://linux.oracle.com/errata/ELSA-2010-0585.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2017-09-09T07:19:41", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "i386", "packageFilename": "lftp-3.7.11-4.el5_5.3.i386.rpm", "packageName": "lftp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "src", "packageFilename": "lftp-3.7.11-4.el5_5.3.src.rpm", "packageName": "lftp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "x86_64", "packageFilename": "lftp-3.7.11-4.el5_5.3.x86_64.rpm", "packageName": "lftp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "ppc", "packageFilename": "lftp-3.7.11-4.el5_5.3.ppc.rpm", "packageName": "lftp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "s390x", "packageFilename": "lftp-3.7.11-4.el5_5.3.s390x.rpm", "packageName": "lftp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.7.11-4.el5_5.3", "arch": "ia64", "packageFilename": "lftp-3.7.11-4.el5_5.3.ia64.rpm", "packageName": "lftp", "operator": "lt"}], "description": "LFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library for\ninput. It has bookmarks, built-in mirroring, and can transfer several files\nin parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use this\nflaw to write or overwrite files in the current working directory of a\nvictim running lftp, by sending a different file from what the victim\nrequested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n\"xfer:clobber\" option now defaults to \"no\", causing lftp to not overwrite\nexisting files, and a new option, \"xfer:auto-rename\", which defaults to\n\"no\", has been introduced to control whether lftp should use\nserver-suggested file names. Refer to the \"Settings\" section of the lftp(1)\nmanual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a\nbackported patch to correct this issue.\n", "reporter": "RedHat", "published": "2010-08-02T04:00:00", "type": "redhat", "title": "(RHSA-2010:0585) Moderate: lftp security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-2251"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:15:56", "id": "RHSA-2010:0585", "href": "https://access.redhat.com/errata/RHSA-2010:0585", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:52", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2251"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "3.7.15-1ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "lftp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "3.6.1-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "lftp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "4.0.2-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "lftp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "3.7.8-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "lftp", "operator": "lt"}], "description": "It was discovered that LFTP incorrectly filtered filenames suggested by Content-Disposition headers. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, such as a dotfile, and possibly run arbitrary code.", "edition": 3, "reporter": "Ubuntu", "published": "2010-09-07T00:00:00", "title": "LFTP vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-2251"], "modified": "2010-09-07T00:00:00", "id": "USN-984-1", "href": "https://usn.ubuntu.com/984-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:19", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=591580"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "lftp", "operator": "lt"}], "description": "\nThe get1 command, as used by lftpget, in LFTP before 4.0.6 does\n\t not properly validate a server-provided filename before determining\n\t the destination filename of a download, which allows remote servers\n\t to create or overwrite arbitrary files via a Content-Disposition\n\t header that suggests a crafted filename, and possibly execute\n\t arbitrary code as a consequence of writing to a dotfile in a home\n\t directory.\n", "edition": 3, "reporter": "FreeBSD", "published": "2010-06-09T00:00:00", "title": "lftp -- multiple HTTP client download filename vulnerability", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-2251"], "modified": "2010-06-09T00:00:00", "id": "29B7E3F4-B6A9-11DF-AE63-F255A795CB21", "href": "https://vuxml.freebsd.org/freebsd/29b7e3f4-b6a9-11df-ae63-f255a795cb21.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:16", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741", "https://bugs.gentoo.org/show_bug.cgi?id=302478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2624", "https://bugs.gentoo.org/show_bug.cgi?id=315235", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4896", "https://bugs.gentoo.org/show_bug.cgi?id=298067", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0001", "https://bugs.gentoo.org/show_bug.cgi?id=326953", "https://bugs.gentoo.org/show_bug.cgi?id=159556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4029", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2529", "https://bugs.gentoo.org/show_bug.cgi?id=208464", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6661", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0553", "https://bugs.gentoo.org/show_bug.cgi?id=333661", "https://bugs.gentoo.org/show_bug.cgi?id=320961", "https://bugs.gentoo.org/show_bug.cgi?id=300375", "https://bugs.gentoo.org/show_bug.cgi?id=322457", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2809", "https://bugs.gentoo.org/show_bug.cgi?id=326759", "https://bugs.gentoo.org/show_bug.cgi?id=316697", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0946", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0829", "https://bugs.gentoo.org/show_bug.cgi?id=329939", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2060", "https://bugs.gentoo.org/show_bug.cgi?id=319719", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4411", "https://bugs.gentoo.org/show_bug.cgi?id=331421", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5907", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1511", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3005", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0732", "https://bugs.gentoo.org/show_bug.cgi?id=307525", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0361", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2042", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6218", "https://bugs.gentoo.org/show_bug.cgi?id=307633", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2945", "https://bugs.gentoo.org/show_bug.cgi?id=253822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0436", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2192", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205", "https://bugs.gentoo.org/show_bug.cgi?id=329125", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2251", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2056", "https://bugs.gentoo.org/show_bug.cgi?id=332527", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0360", "https://bugs.gentoo.org/show_bug.cgi?id=325507", "https://bugs.gentoo.org/show_bug.cgi?id=259968", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1000", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382", "https://bugs.gentoo.org/show_bug.cgi?id=300943", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.2", "packageFilename": "UNKNOWN", "packageName": "dev-libs/liblzw", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.4.6", "packageFilename": "UNKNOWN", "packageName": "app-misc/beanstalkd", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2010.08.05", "packageFilename": "UNKNOWN", "packageName": "www-client/uzbl", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.1-r1", "packageFilename": "UNKNOWN", "packageName": "media-tv/dvbstreamer", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.13", "packageFilename": "UNKNOWN", "packageName": "app-text/dvipng", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "5.1.4", "packageFilename": "UNKNOWN", "packageName": "dev-util/sourcenav", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "804.028-r2", "packageFilename": "UNKNOWN", "packageName": "dev-perl/perl-tk", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "6.7.1-r1", "packageFilename": "UNKNOWN", "packageName": "dev-util/insight", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.6.8", "packageFilename": "UNKNOWN", "packageName": "sys-block/partimage", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.0.6", "packageFilename": "UNKNOWN", "packageName": "net-ftp/lftp", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.4", "packageFilename": "UNKNOWN", "packageName": "app-arch/gzip", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.9.23", "packageFilename": "UNKNOWN", "packageName": "sys-apps/pmount", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.3.2", "packageFilename": "UNKNOWN", "packageName": "x11-misc/slim", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.17.1", "packageFilename": "UNKNOWN", "packageName": "net-mail/mlmmj", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.3.5-r1", "packageFilename": "UNKNOWN", "packageName": "kde-base/kget", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.7.1", "packageFilename": "UNKNOWN", "packageName": "app-text/gv", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.0-r4", "packageFilename": "UNKNOWN", "packageName": "x11-apps/xinit", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.3", "packageFilename": "UNKNOWN", "packageName": "sys-auth/pam_krb5", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.3.5-r1", "packageFilename": "UNKNOWN", "packageName": "kde-base/kdm", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.2.49", "packageFilename": "UNKNOWN", "packageName": "sys-apps/acl", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.5.4.3-r3", "packageFilename": "UNKNOWN", "packageName": "media-gfx/splashutils", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "8.4.18-r1", "packageFilename": "UNKNOWN", "packageName": "dev-lang/tk", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "7.1", "packageFilename": "UNKNOWN", "packageName": "app-antivirus/bitdefender-console", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.2.4.3", "packageFilename": "UNKNOWN", "packageName": "app-arch/ncompress", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.4.14-r1", "packageFilename": "UNKNOWN", "packageName": "sys-devel/m4", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.18.7", "packageFilename": "UNKNOWN", "packageName": "x11-libs/gtk+", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "20100418", "packageFilename": "UNKNOWN", "packageName": "net-misc/iputils", "arch": "all", "operator": "lt"}], "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * Insight\n * Perl Tk Module\n * Source-Navigator\n * Tk\n * Partimage\n * Mlmmj\n * acl\n * Xinit\n * gzip\n * ncompress\n * liblzw\n * splashutils\n * GNU M4\n * KDE Display Manager\n * GTK+\n * KGet\n * dvipng\n * Beanstalk\n * Policy Mount\n * pam_krb5\n * GNU gv\n * LFTP\n * Uzbl\n * Slim\n * Bitdefender Console\n * iputils\n * DVBStreamer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll Insight users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/insight-6.7.1-r1\"\n \n\nAll Perl Tk Module users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-perl/perl-tk-804.028-r2\"\n \n\nAll Source-Navigator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/sourcenav-5.1.4\"\n \n\nAll Tk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/tk-8.4.18-r1\"\n \n\nAll Partimage users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-block/partimage-0.6.8\"\n \n\nAll Mlmmj users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-mail/mlmmj-1.2.17.1\"\n \n\nAll acl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/acl-2.2.49\"\n \n\nAll Xinit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xinit-1.2.0-r4\"\n \n\nAll gzip users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/gzip-1.4\"\n \n\nAll ncompress users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/ncompress-4.2.4.3\"\n \n\nAll liblzw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/liblzw-0.2\"\n \n\nAll splashutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-gfx/splashutils-1.5.4.3-r3\"\n \n\nAll GNU M4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/m4-1.4.14-r1\"\n \n\nAll KDE Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdm-4.3.5-r1\"\n \n\nAll GTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/gtk+-2.18.7\"\n \n\nAll KGet 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kget-4.3.5-r1\"\n \n\nAll dvipng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/dvipng-1.13\"\n \n\nAll Beanstalk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-misc/beanstalkd-1.4.6\"\n \n\nAll Policy Mount users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/pmount-0.9.23\"\n \n\nAll pam_krb5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/pam_krb5-4.3\"\n \n\nAll GNU gv users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gv-3.7.1\"\n \n\nAll LFTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-ftp/lftp-4.0.6\"\n \n\nAll Uzbl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/uzbl-2010.08.05\"\n \n\nAll Slim users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slim-1.3.2\"\n \n\nAll iputils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/iputils-20100418\"\n \n\nAll DVBStreamer users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-tv/dvbstreamer-1.1-r1\"\n \n\nGentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console: \n \n \n # emerge --unmerge \"app-antivirus/bitdefender-console\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-12-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2010", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2060", "CVE-2009-4411", "CVE-2008-0553", "CVE-2009-0946", "CVE-2010-1511", "CVE-2009-0361", "CVE-2008-6218", "CVE-2008-5907", "CVE-2010-0436", "CVE-2010-1205", "CVE-2007-2741", "CVE-2010-0829", "CVE-2009-4896", "CVE-2010-2945", "CVE-2010-2809", "CVE-2009-0040", "CVE-2010-2192", "CVE-2010-2056", "CVE-2009-2042", "CVE-2010-0001", "CVE-2008-6661", "CVE-2010-2529", "CVE-2009-4029", "CVE-2006-3005", "CVE-2010-2251", "CVE-2009-0360", "CVE-2010-0732", "CVE-2008-1382", "CVE-2009-3736", "CVE-2010-1000", "CVE-2009-2624"], "modified": "2014-12-11T00:00:00", "id": "GLSA-201412-08", "href": "https://security.gentoo.org/glsa/201412-08", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
