ID CVE-2007-2348
Summary mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
References
Vulnerable Configurations
  • cpe:2.3:a:alexander_v._lukyanov:lftp:*:*:*:*:*:*:*:*
    cpe:2.3:a:alexander_v._lukyanov:lftp:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 13-02-2023 - 02:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:08:57.369-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
family unix
id oval:org.mitre.oval:def:10806
status accepted
submitted 2010-07-09T03:56:16-04:00
title mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
version 18
redhat via4
advisories
bugzilla
id 236238
title CVE-2007-2348 lftp mirror --script does not escape names and targets of symbolic links
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • comment lftp is earlier than 0:3.7.11-4.el5
      oval oval:com.redhat.rhsa:tst:20091278001
    • comment lftp is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20091278002
rhsa
id RHSA-2009:1278
released 2009-09-02
severity Low
title RHSA-2009:1278: lftp security and bug fix update (Low)
rpms
  • lftp-0:3.7.11-4.el5
  • lftp-debuginfo-0:3.7.11-4.el5
refmap via4
bid 23736
confirm
secunia
  • 25107
  • 25132
  • 36559
vupen ADV-2007-1590
statements via4
contributor Joshua Bressers
lastmodified 2009-09-02
organization Red Hat
statement This issue does not affect lftp as supplied with Red Hat Enterprise Linux 3. This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1278.html The Red Hat Security Response Team has rated this issue as having low security impact, a future update to Red Hat Enterprise Linux 4 may address this flaw.
Last major update 13-02-2023 - 02:17
Published 27-04-2007 - 18:19
Last modified 13-02-2023 - 02:17
Back to Top