CERTA-2003-AVI-059
Vulnerability from certfr_avis - Published: - Updated:None
Description
FTP (File Transfert Protocol) est un protocole client/serveur permettant
l'échange de fichiers.
Certains clients ont un problème dans la gestion des noms de fichiers
débutant par un "pipe". Un individu mal intentionné possédant les droits
d'administration sur le serveur peut créer un fichier avec un nom
judicieusement choisi afin d'exécuter des commandes arbitraires lors de
son téléchargement par un client FTP vulnérable.
Solution
Appliquer les correctifs fournis suivant la plate-forme et la version affectée (cf. Documentation).
Certains clients FTP présents dans plusieurs systèmes :
- Mandrake ;
- RedHat ;
- SUN ;
- SCO ;
- IRIX.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eCertains clients FTP pr\u00e9sents dans plusieurs syst\u00e8mes : \u003cUL\u003e \u003cLI\u003eMandrake ;\u003c/LI\u003e \u003cLI\u003eRedHat ;\u003c/LI\u003e \u003cLI\u003eSUN ;\u003c/LI\u003e \u003cLI\u003eSCO ;\u003c/LI\u003e \u003cLI\u003eIRIX.\u003c/LI\u003e \u003c/UL\u003e\u003c/p\u003e",
"content": "## Description\n\nFTP (File Transfert Protocol) est un protocole client/serveur permettant\nl\u0027\u00e9change de fichiers. \nCertains clients ont un probl\u00e8me dans la gestion des noms de fichiers\nd\u00e9butant par un \"pipe\". Un individu mal intentionn\u00e9 poss\u00e9dant les droits\nd\u0027administration sur le serveur peut cr\u00e9er un fichier avec un nom\njudicieusement choisi afin d\u0027ex\u00e9cuter des commandes arbitraires lors de\nson t\u00e9l\u00e9chargement par un client FTP vuln\u00e9rable.\n\n## Solution\n\nAppliquer les correctifs fournis suivant la plate-forme et la version\naffect\u00e9e (cf. Documentation).\n",
"cves": [],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IRIX :",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030304-01-P"
},
{
"title": "Avis VU#258721 du CERT/CC :",
"url": "http://www.kb.cert.org/vuls/id/258721"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandrake :",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKASA-2003:021"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUN :",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50222"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat :",
"url": "http://rhn.redhat.com/errata/RHSA-2003-020.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SCO :",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3"
}
],
"reference": "CERTA-2003-AVI-059",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2003-03-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de commandes arbitraires \u00e0 distance"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 dans certains clients FTP",
"vendor_advisories": [
{
"published_at": null,
"title": "Vuln\u00e9rabilit\u00e9 VU#258721 du CERT/CC",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…