CVE-2011-3991 - Untrusted search path vulnerability in FFFTP 1.98a and earlier allows local users to execute arbitra

CVE-2011-3991

Summary

Untrusted search path vulnerability in FFFTP 1.98a and earlier allows local users to execute arbitrary code via unspecified functions. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

References

http://jvn.jp/en/jp/JVN62336482/index.html
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000091.html
http://secunia.com/advisories/46649
http://sourceforge.jp/projects/ffftp/wiki/Security
http://www.securityfocus.com/bid/50412
https://exchange.xforce.ibmcloud.com/vulnerabilities/71020

Vulnerable Configurations

cpe:2.3:a:ffftp:ffftp:1.98:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.98:*:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.98:a:*:*:*:*:*:*
cpe:2.3:a:ffftp:ffftp:1.98:a:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-08-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	50412
confirm	http://sourceforge.jp/projects/ffftp/wiki/Security
jvn	JVN#62336482
jvndb	JVNDB-2011-000091
secunia	46649
xf	ffftp-code-execution(71020)

Last major update

29-08-2017 - 01:30

Published

04-11-2011 - 21:55

Last modified

29-08-2017 - 01:30