CERTA-2008-AVI-271
Vulnerability from certfr_avis

Une vulnérabilité dans le client Core FTP permet d'exécuter du code arbitraire sur le poste de l'utilisateur.

Description

Une vulnérabilité de type « traversée de répertoires » a été découverte dans le client Core FTP. Un utilisateur malintentionné peut, par le biais d'un lien de téléchargement FTP, exécuter du code arbitraire sur la machine de sa victime.

Solution

Mettre à jour Core FTP en version 2.1 build 1568 (cf. section Documentation).

None
Impacted products
Vendor Product Description
Owncloud Core Core FTP Pro versions 2.1 build 1565 et antérieures.
Owncloud Core Core FTP LE versions 2.1 build 1565 et antérieures ;
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Core FTP Pro versions 2.1 build 1565 et ant\u00e9rieures.",
      "product": {
        "name": "Core",
        "vendor": {
          "name": "Owncloud",
          "scada": false
        }
      }
    },
    {
      "description": "Core FTP LE versions 2.1 build 1565 et ant\u00e9rieures ;",
      "product": {
        "name": "Core",
        "vendor": {
          "name": "Owncloud",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type \u00ab travers\u00e9e de r\u00e9pertoires \u00bb a \u00e9t\u00e9 d\u00e9couverte\ndans le client Core FTP. Un utilisateur malintentionn\u00e9 peut, par le\nbiais d\u0027un lien de t\u00e9l\u00e9chargement FTP, ex\u00e9cuter du code arbitraire sur\nla machine de sa victime.\n\n## Solution\n\nMettre \u00e0 jour Core FTP en version 2.1 build 1568 (cf. section\nDocumentation).\n",
  "cves": [],
  "initial_release_date": "2008-05-27T00:00:00",
  "last_revision_date": "2008-05-27T00:00:00",
  "links": [
    {
      "title": "Notes de version 2.1 de Core    FTP du 27 mai 2008 :",
      "url": "http://www.coreftp.com/forums/viewtopic.php?t=6078"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement de Core    FTP :",
      "url": "http://www.coreftp.com/download.html"
    }
  ],
  "reference": "CERTA-2008-AVI-271",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le client \u003cspan class=\"textit\"\u003eCore FTP\u003c/span\u003e\npermet d\u0027ex\u00e9cuter du code arbitraire sur le poste de l\u0027utilisateur.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Core FTP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de version 2.1 de Core FTP du 27 mai 2008",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.