ID SL_20100802_LFTP_FOR_SL_5.NASL Type nessus Reporter Tenable Modified 2012-08-01T00:00:00
Description
LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.
It was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)
To correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.
All lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include("compat.inc");
if (description)
{
script_id(60827);
script_version("$Revision: 1.1 $");
script_cvs_date("$Date: 2012/08/01 14:38:54 $");
script_cve_id("CVE-2010-2251");
script_name(english:"Scientific Linux Security Update : lftp for SL 5");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Scientific Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"LFTP is a sophisticated file transfer program for the FTP and HTTP
protocols. Like Bash, it has job control and uses the Readline library
for input. It has bookmarks, built-in mirroring, and can transfer
several files in parallel. It is designed with reliability in mind.
It was discovered that lftp trusted the file name provided in the
Content-Disposition HTTP header. A malicious HTTP server could use
this flaw to write or overwrite files in the current working directory
of a victim running lftp, by sending a different file from what the
victim requested. (CVE-2010-2251)
To correct this flaw, the following changes were made to lftp: the
'xfer:clobber' option now defaults to 'no', causing lftp to not
overwrite existing files, and a new option, 'xfer:auto-rename', which
defaults to 'no', has been introduced to control whether lftp should
use server-suggested file names. Refer to the 'Settings' section of
the lftp(1) manual page for additional details on changing lftp
settings.
All lftp users should upgrade to this updated package, which contains
a backported patch to correct this issue."
);
# http://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=184
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?c1606f2b"
);
script_set_attribute(attribute:"solution", value:"Update the affected lftp package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2010/08/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012 Tenable Network Security, Inc.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL5", reference:"lftp-3.7.11-4.el5_5.3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"published": "2012-08-01T00:00:00", "id": "SL_20100802_LFTP_FOR_SL_5.NASL", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:42", "bulletin": {"enchantments": {}, "published": "2012-08-01T00:00:00", "id": "SL_20100802_LFTP_FOR_SL_5.NASL", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "cpe": [], "hash": "22f128b3f2d05f0475b7df05fbde13df28508dee45ee76bbee1a3d6060fe7ec4", "description": "LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.", "type": "nessus", "pluginID": "60827", "lastseen": "2016-09-26T17:25:42", "edition": 1, "title": "Scientific Linux Security Update : lftp for SL 5", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60827", "modified": "2012-08-01T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2010-2251"], "references": ["http://www.nessus.org/u?c1606f2b"], "naslFamily": "Scientific Linux Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60827);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:54 $\");\n\n script_cve_id(\"CVE-2010-2251\");\n\n script_name(english:\"Scientific Linux Security Update : lftp for SL 5\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"LFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library\nfor input. It has bookmarks, built-in mirroring, and can transfer\nseveral files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use\nthis flaw to write or overwrite files in the current working directory\nof a victim running lftp, by sending a different file from what the\nvictim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n'xfer:clobber' option now defaults to 'no', causing lftp to not\noverwrite existing files, and a new option, 'xfer:auto-rename', which\ndefaults to 'no', has been introduced to control whether lftp should\nuse server-suggested file names. Refer to the 'Settings' section of\nthe lftp(1) manual page for additional details on changing lftp\nsettings.\n\nAll lftp users should upgrade to this updated package, which contains\na backported patch to correct this issue.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=184\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1606f2b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"lftp-3.7.11-4.el5_5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "ff8bf48951e7537c8529cab34571da3c", "key": "description"}, {"hash": "51e91d653d51be816be0dded6ee466f6", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "04886914947d222e836307ade6a5f1ec", "key": "sourceData"}, {"hash": "1a5a26451105562d1dcb2c5927ae7aa8", "key": "pluginID"}, {"hash": "d1b02e05e6783a7fd4cd11a8a73492fc", "key": "title"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "4357a9364a7b460d78097f269986b389", "key": "cvelist"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "2fd0005c47691074f6f522e25d0be997", "key": "href"}], "objectVersion": "1.2"}}], "description": "LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.", "hash": "8ec9d37811136633b13d21217e8242570efd5766d20460e067e2e81a66679b0a", "enchantments": {"vulnersScore": 5.0}, "type": "nessus", "pluginID": "60827", "lastseen": "2017-10-29T13:42:07", "edition": 2, "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "title": "Scientific Linux Security Update : lftp for SL 5", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60827", "modified": "2012-08-01T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2010-2251"], "references": ["http://www.nessus.org/u?c1606f2b"], "naslFamily": "Scientific Linux Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60827);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:38:54 $\");\n\n script_cve_id(\"CVE-2010-2251\");\n\n script_name(english:\"Scientific Linux Security Update : lftp for SL 5\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"LFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library\nfor input. It has bookmarks, built-in mirroring, and can transfer\nseveral files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use\nthis flaw to write or overwrite files in the current working directory\nof a victim running lftp, by sending a different file from what the\nvictim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n'xfer:clobber' option now defaults to 'no', causing lftp to not\noverwrite existing files, and a new option, 'xfer:auto-rename', which\ndefaults to 'no', has been introduced to control whether lftp should\nuse server-suggested file names. Refer to the 'Settings' section of\nthe lftp(1) manual page for additional details on changing lftp\nsettings.\n\nAll lftp users should upgrade to this updated package, which contains\na backported patch to correct this issue.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=184\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1606f2b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lftp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"lftp-3.7.11-4.el5_5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "4357a9364a7b460d78097f269986b389", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "ff8bf48951e7537c8529cab34571da3c", "key": "description"}, {"hash": "2fd0005c47691074f6f522e25d0be997", "key": "href"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "modified"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "1a5a26451105562d1dcb2c5927ae7aa8", "key": "pluginID"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "51e91d653d51be816be0dded6ee466f6", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "04886914947d222e836307ade6a5f1ec", "key": "sourceData"}, {"hash": "d1b02e05e6783a7fd4cd11a8a73492fc", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}
{"result": {"cve": [{"id": "CVE-2010-2251", "type": "cve", "title": "CVE-2010-2251", "description": "The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.", "published": "2010-07-06T13:17:13", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2251", "cvelist": ["CVE-2010-2251"], "lastseen": "2016-09-03T14:01:12"}], "nessus": [{"id": "REDHAT-RHSA-2010-0585.NASL", "type": "nessus", "title": "RHEL 5 : lftp (RHSA-2010:0585)", "description": "An updated lftp package that fixes one security issue is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nLFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.", "published": "2010-08-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=48232", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-10-29T13:33:21"}, {"id": "UBUNTU_USN-984-1.NASL", "type": "nessus", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : lftp vulnerability (USN-984-1)", "description": "It was discovered that LFTP incorrectly filtered filenames suggested by Content-Disposition headers. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, such as a dotfile, and possibly run arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-09-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=49141", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-10-29T13:40:36"}, {"id": "SUSE_11_0_LFTP-100610.NASL", "type": "nessus", "title": "openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)", "description": "This update of lftp improves the filename handling of downloaded files to avoid downloading arbitrary content to unexpected locations (like .login). (CVE-2010-2251)", "published": "2010-06-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47120", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-10-29T13:38:12"}, {"id": "MANDRIVA_MDVSA-2010-128.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : lftp (MDVSA-2010:128)", "description": "A vulnerability has been found and corrected in lftp :\n\nThe get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory (CVE-2010-2251).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4 90\n\nAdditionally on 2008.0 lftp has been upgraded to 3.7.4.\n\nThe updated packages have been patched to correct this issue.", "published": "2010-07-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=48190", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-10-29T13:43:04"}, {"id": "FREEBSD_PKG_29B7E3F4B6A911DFAE63F255A795CB21.NASL", "type": "nessus", "title": "FreeBSD : lftp -- multiple HTTP client download filename vulnerability (29b7e3f4-b6a9-11df-ae63-f255a795cb21)", "description": "The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.", "published": "2010-09-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=49108", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-10-29T13:37:20"}, {"id": "FEDORA_2010-9819.NASL", "type": "nessus", "title": "Fedora 12 : lftp-4.0.8-1.fc12 (2010-9819)", "description": "CVE-2010-2251 lftp: multiple HTTP client download filename vulnerability\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47566", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-10-29T13:34:00"}, {"id": "SUSE_11_1_LFTP-100610.NASL", "type": "nessus", "title": "openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)", "description": "This update of lftp improves the filename handling of downloaded files to avoid downloading arbitrary content to unexpected locations (like .login). (CVE-2010-2251)", "published": "2010-06-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47121", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-10-29T13:38:11"}, {"id": "SUSE_11_2_LFTP-100610.NASL", "type": "nessus", "title": "openSUSE Security Update : lftp (openSUSE-SU-2010:0334-1)", "description": "This update of lftp improves the filename handling of downloaded files to avoid downloading arbitrary content to unexpected locations (like .login). (CVE-2010-2251)", "published": "2010-06-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47122", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-10-29T13:33:27"}, {"id": "ORACLELINUX_ELSA-2010-0585.NASL", "type": "nessus", "title": "Oracle Linux 5 : lftp (ELSA-2010-0585)", "description": "From Red Hat Security Advisory 2010:0585 :\n\nAn updated lftp package that fixes one security issue is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nLFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the Content-Disposition HTTP header. A malicious HTTP server could use this flaw to write or overwrite files in the current working directory of a victim running lftp, by sending a different file from what the victim requested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the 'xfer:clobber' option now defaults to 'no', causing lftp to not overwrite existing files, and a new option, 'xfer:auto-rename', which defaults to 'no', has been introduced to control whether lftp should use server-suggested file names. Refer to the 'Settings' section of the lftp(1) manual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a backported patch to correct this issue.", "published": "2013-07-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68077", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-10-29T13:35:27"}, {"id": "DEBIAN_DSA-2085.NASL", "type": "nessus", "title": "Debian DSA-2085-1 : lftp - missing input validation", "description": "It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute arbitrary code (for instance if the attacker elects to write a dotfile in a home directory).", "published": "2010-08-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=48247", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-10-29T13:33:18"}], "debian": [{"id": "DSA-2085", "type": "debian", "title": "lftp -- missing input validation", "description": "It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute arbitrary code (for instance if the attacker elects to write a dotfile in a home directory).\n\nFor the stable distribution (lenny), this problem has been fixed in version 3.7.3-1+lenny1.\n\nFor the testing distribution (squeeze), this problem has been fixed in version 4.0.6-1.\n\nFor the unstable distribution (sid), this problem has been fixed in version 4.0.6-1.\n\nWe recommend that you upgrade your lftp packages.", "published": "2010-08-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2085", "cvelist": ["CVE-2010-2251"], "lastseen": "2016-09-02T18:35:27"}], "openvas": [{"id": "OPENVAS:840494", "type": "openvas", "title": "Ubuntu Update for lftp vulnerability USN-984-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-984-1", "published": "2010-09-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840494", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-12-04T11:18:13"}, {"id": "OPENVAS:1361412562310840494", "type": "openvas", "title": "Ubuntu Update for lftp vulnerability USN-984-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-984-1", "published": "2010-09-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840494", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-12-21T11:33:12"}, {"id": "OPENVAS:1361412562310830998", "type": "openvas", "title": "Mandriva Update for epiphany MDVA-2010:128-1 (epiphany)", "description": "Check for the Version of epiphany", "published": "2010-04-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830998", "cvelist": ["CVE-2010-2251"], "lastseen": "2018-01-18T11:04:58"}, {"id": "OPENVAS:1361412562310870306", "type": "openvas", "title": "RedHat Update for lftp RHSA-2010:0585-01", "description": "Check for the Version of lftp", "published": "2010-08-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870306", "cvelist": ["CVE-2010-2251"], "lastseen": "2018-01-23T13:05:55"}, {"id": "OPENVAS:67996", "type": "openvas", "title": "FreeBSD Ports: lftp", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2010-10-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=67996", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-07-02T21:09:56"}, {"id": "OPENVAS:1361412562310880589", "type": "openvas", "title": "CentOS Update for lftp CESA-2010:0585 centos5 i386", "description": "Check for the Version of lftp", "published": "2011-08-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880589", "cvelist": ["CVE-2010-2251"], "lastseen": "2018-04-09T11:36:41"}, {"id": "OPENVAS:1361412562310122336", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0585", "description": "Oracle Linux Local Security Checks ELSA-2010-0585", "published": "2015-10-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122336", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-07-24T12:52:27"}, {"id": "OPENVAS:1361412562310862209", "type": "openvas", "title": "Fedora Update for lftp FEDORA-2010-9819", "description": "Check for the Version of lftp", "published": "2010-07-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862209", "cvelist": ["CVE-2010-2251"], "lastseen": "2018-01-02T10:54:41"}, {"id": "OPENVAS:136141256231067840", "type": "openvas", "title": "Debian Security Advisory DSA 2085-1 (lftp)", "description": "The remote host is missing an update to lftp\nannounced via advisory DSA 2085-1.", "published": "2010-08-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067840", "cvelist": ["CVE-2010-2251"], "lastseen": "2018-01-06T13:04:57"}, {"id": "OPENVAS:1361412562310831001", "type": "openvas", "title": "Mandriva Update for epiphany MDVA-2010:128 (epiphany)", "description": "Check for the Version of epiphany", "published": "2010-04-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831001", "cvelist": ["CVE-2010-2251"], "lastseen": "2018-01-26T11:05:32"}], "centos": [{"id": "CESA-2010:0585", "type": "centos", "title": "lftp security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0585\n\n\nLFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library for\ninput. It has bookmarks, built-in mirroring, and can transfer several files\nin parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use this\nflaw to write or overwrite files in the current working directory of a\nvictim running lftp, by sending a different file from what the victim\nrequested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n\"xfer:clobber\" option now defaults to \"no\", causing lftp to not overwrite\nexisting files, and a new option, \"xfer:auto-rename\", which defaults to\n\"no\", has been introduced to control whether lftp should use\nserver-suggested file names. Refer to the \"Settings\" section of the lftp(1)\nmanual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a\nbackported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016860.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016861.html\n\n**Affected packages:**\nlftp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0585.html", "published": "2010-08-02T20:39:46", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/016860.html", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-10-03T18:24:35"}], "ubuntu": [{"id": "USN-984-1", "type": "ubuntu", "title": "LFTP vulnerability", "description": "It was discovered that LFTP incorrectly filtered filenames suggested by Content-Disposition headers. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, such as a dotfile, and possibly run arbitrary code.", "published": "2010-09-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/984-1/", "cvelist": ["CVE-2010-2251"], "lastseen": "2018-03-29T18:18:09"}], "freebsd": [{"id": "29B7E3F4-B6A9-11DF-AE63-F255A795CB21", "type": "freebsd", "title": "lftp -- multiple HTTP client download filename vulnerability", "description": "\nThe get1 command, as used by lftpget, in LFTP before 4.0.6 does\n\t not properly validate a server-provided filename before determining\n\t the destination filename of a download, which allows remote servers\n\t to create or overwrite arbitrary files via a Content-Disposition\n\t header that suggests a crafted filename, and possibly execute\n\t arbitrary code as a consequence of writing to a dotfile in a home\n\t directory.\n", "published": "2010-06-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/29b7e3f4-b6a9-11df-ae63-f255a795cb21.html", "cvelist": ["CVE-2010-2251"], "lastseen": "2016-09-26T17:24:48"}], "redhat": [{"id": "RHSA-2010:0585", "type": "redhat", "title": "(RHSA-2010:0585) Moderate: lftp security update", "description": "LFTP is a sophisticated file transfer program for the FTP and HTTP\nprotocols. Like Bash, it has job control and uses the Readline library for\ninput. It has bookmarks, built-in mirroring, and can transfer several files\nin parallel. It is designed with reliability in mind.\n\nIt was discovered that lftp trusted the file name provided in the\nContent-Disposition HTTP header. A malicious HTTP server could use this\nflaw to write or overwrite files in the current working directory of a\nvictim running lftp, by sending a different file from what the victim\nrequested. (CVE-2010-2251)\n\nTo correct this flaw, the following changes were made to lftp: the\n\"xfer:clobber\" option now defaults to \"no\", causing lftp to not overwrite\nexisting files, and a new option, \"xfer:auto-rename\", which defaults to\n\"no\", has been introduced to control whether lftp should use\nserver-suggested file names. Refer to the \"Settings\" section of the lftp(1)\nmanual page for additional details on changing lftp settings.\n\nAll lftp users should upgrade to this updated package, which contains a\nbackported patch to correct this issue.\n", "published": "2010-08-02T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0585", "cvelist": ["CVE-2010-2251"], "lastseen": "2017-09-09T07:19:41"}], "oraclelinux": [{"id": "ELSA-2010-0585", "type": "oraclelinux", "title": "lftp security update", "description": "[3.7.11-4.el5_5.3]\n- Related: CVE-2010-2251 - document change of xfer:clobber default\n value in manpage, respect xfer:clobber on with xfer:auto-rename on\n (old behaviour)\n[3.7.11-4.el5_5.2]\n- Related: CVE-2010-2251 - describe new option xfer:auto-rename\n which could restore old behaviour in manpage\n[3.7.11-4.el5_5.1]\n- Resolves: CVE-2010-2251 - multiple HTTP client download filename\n vulnerability (#617870) ", "published": "2010-08-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0585.html", "cvelist": ["CVE-2010-2251"], "lastseen": "2016-09-04T11:16:11"}], "gentoo": [{"id": "GLSA-201412-08", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2010", "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * Insight\n * Perl Tk Module\n * Source-Navigator\n * Tk\n * Partimage\n * Mlmmj\n * acl\n * Xinit\n * gzip\n * ncompress\n * liblzw\n * splashutils\n * GNU M4\n * KDE Display Manager\n * GTK+\n * KGet\n * dvipng\n * Beanstalk\n * Policy Mount\n * pam_krb5\n * GNU gv\n * LFTP\n * Uzbl\n * Slim\n * Bitdefender Console\n * iputils\n * DVBStreamer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll Insight users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/insight-6.7.1-r1\"\n \n\nAll Perl Tk Module users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-perl/perl-tk-804.028-r2\"\n \n\nAll Source-Navigator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/sourcenav-5.1.4\"\n \n\nAll Tk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/tk-8.4.18-r1\"\n \n\nAll Partimage users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-block/partimage-0.6.8\"\n \n\nAll Mlmmj users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-mail/mlmmj-1.2.17.1\"\n \n\nAll acl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/acl-2.2.49\"\n \n\nAll Xinit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xinit-1.2.0-r4\"\n \n\nAll gzip users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/gzip-1.4\"\n \n\nAll ncompress users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/ncompress-4.2.4.3\"\n \n\nAll liblzw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/liblzw-0.2\"\n \n\nAll splashutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-gfx/splashutils-1.5.4.3-r3\"\n \n\nAll GNU M4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/m4-1.4.14-r1\"\n \n\nAll KDE Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdm-4.3.5-r1\"\n \n\nAll GTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/gtk+-2.18.7\"\n \n\nAll KGet 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kget-4.3.5-r1\"\n \n\nAll dvipng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/dvipng-1.13\"\n \n\nAll Beanstalk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-misc/beanstalkd-1.4.6\"\n \n\nAll Policy Mount users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/pmount-0.9.23\"\n \n\nAll pam_krb5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/pam_krb5-4.3\"\n \n\nAll GNU gv users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gv-3.7.1\"\n \n\nAll LFTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-ftp/lftp-4.0.6\"\n \n\nAll Uzbl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/uzbl-2010.08.05\"\n \n\nAll Slim users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slim-1.3.2\"\n \n\nAll iputils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/iputils-20100418\"\n \n\nAll DVBStreamer users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-tv/dvbstreamer-1.1-r1\"\n \n\nGentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console: \n \n \n # emerge --unmerge \"app-antivirus/bitdefender-console\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.", "published": "2014-12-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201412-08", "cvelist": ["CVE-2010-2060", "CVE-2009-4411", "CVE-2008-0553", "CVE-2009-0946", "CVE-2010-1511", "CVE-2009-0361", "CVE-2008-6218", "CVE-2008-5907", "CVE-2010-0436", "CVE-2010-1205", "CVE-2007-2741", "CVE-2010-0829", "CVE-2009-4896", "CVE-2010-2945", "CVE-2010-2809", "CVE-2009-0040", "CVE-2010-2192", "CVE-2010-2056", "CVE-2009-2042", "CVE-2010-0001", "CVE-2008-6661", "CVE-2010-2529", "CVE-2009-4029", "CVE-2006-3005", "CVE-2010-2251", "CVE-2009-0360", "CVE-2010-0732", "CVE-2008-1382", "CVE-2009-3736", "CVE-2010-1000", "CVE-2009-2624"], "lastseen": "2016-09-06T19:46:16"}]}}