fkie_cve-2010-2251
Vulnerability from fkie_nvd
Published
2010-07-06 17:17
Modified
2025-04-11 00:51
Severity ?
Summary
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download. This allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly to execute arbitrary code as a consequence of writing to a dotfile in a home directory. The affected range in the record below ends at 4.0.5 inclusive, so 4.0.6 is the first release outside it.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91BE07CA-6242-4E5D-8153-66449FBE2E92",
"versionEndIncluding": "4.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E071227F-6AC4-4E5E-B1C4-C6C77D906AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC49DA4-46ED-4C27-91A5-56DED988EFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB7F72C-059A-40D2-B7AB-1F270093D1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E692331E-EC84-460F-94C5-352A1D81AB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9047CB53-9B88-4721-ABE1-247108E2018E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F54B81F9-49CD-4D10-82E7-590091D87F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E50FE11C-70B6-4A20-A83C-DF44F01BA441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67337852-E080-4187-ADD4-5B79DADD2FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "75D50FC5-CB47-4DC7-914B-1C3D828BD526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8A063BC5-F22E-436D-BD74-867D53383857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA60DB67-3ED0-4698-9E40-5AFF248EC953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "54505721-7976-4C01-8C66-EBAA112A8633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54D84499-91AC-485F-86A2-38A246A9BC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5055C435-643D-44F5-A0CD-4720A481A30C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD78A02-B657-4777-BB43-503918B45D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF9FCE1-610B-4D0D-9252-ACC6AD36CA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "804D73E1-8558-4E6A-8914-E768680114CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AB3AAA-7796-4283-B1D8-84C191B8B20A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "16638172-55AD-4234-A158-B151299FD885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF236B6-74C8-460D-87E5-95C182CC94F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "36EE177E-89ED-4953-8C9A-5F1606F75B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A25B0AA-407B-46C5-AE62-3A9AA7C86E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6909555D-FA9F-4E91-B176-E709A75E9BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99822672-85E5-4968-BDE7-0489EC054474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "816E076D-7EFA-4D1E-B15A-93E3564898D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "39A0F70E-3C7D-421C-A719-18ACEEB7B902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CB37AF-6032-4319-9AD0-5AD2F8C06503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72E65D53-0EC7-433A-B80F-87D163B05E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10C86653-CB14-429E-809B-B46EF53A1EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "554D680C-1BE4-4890-B678-D39D7151E055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "611129C7-5751-4885-A61C-705E2EE0318F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A06F7526-841F-49E3-AB2F-132A062723C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8273E29C-DF2A-47AF-8987-75414F44E537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B924BEEF-F6D5-4F62-8265-61EE33451A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "867BBB3B-8104-42C4-8FEF-9EDA211FE460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B7F5B6-D34E-42A7-8646-9D1FC095CEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E0EE9F-0582-43DD-A5A0-E483423E8F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAA8783-CB7D-4967-BB90-B9C93DBC1506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43DE821C-3178-4B73-8F15-A567AFF90940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AADD206-760E-470B-A9F4-981A268DAAEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDFDED0-D6EA-45F7-AB8E-FF0EAE9B52FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F607A63C-E836-4ABF-A705-CC9AC5360E8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "07861E82-F2AA-4AD7-9341-8FA3D76BD7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEA0CD8-A751-4629-92A4-CF3F42A96745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "92FC73D2-24C0-4C20-B309-C81F57287180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AA088222-3E89-4C80-A5E7-1DD7303BBF4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF18837-2EB8-4E76-85F4-C76C7494BAE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D112336D-FA6E-454D-9B0F-EEDB301AD127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.10a:*:*:*:*:*:*:*",
"matchCriteriaId": "DD194013-C2D5-43D2-BFEF-21A515224814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA23E0B-5392-4392-953B-D8A948AE5BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC9C624-08A3-4996-81BA-3CC3C85459F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB574A-166F-453F-899C-881C7F11B97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "430E34BA-F2A5-456A-94EC-41247E3EDBE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3590A44E-1F5D-4174-BA0E-B8FC854923AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42857A56-4D5B-425C-BD04-B36C8EA5A265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80185A5F-151B-42B6-92C1-D2F7DE1FE918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF8FFF0-C8EF-4F2A-9AAC-D8943F1B56A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "929305F4-2C65-472B-B72B-F6F8231054E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6F9DB4E-3F80-4F55-A196-ED980E6B87E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3D26360D-8E29-42A1-B5C0-6625B52352A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA467A4-F1FD-44E0-8444-590741EACCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D194098E-509A-4DEF-9C7A-E7D7E000F0D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7043A058-1A78-488E-907A-C63FD61B4F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4B30C4BF-0C0D-4DA8-87DC-4F4FD1EB5C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A83F73-721A-4751-BE36-15EE2FC1ABE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "DF974EAF-D0F2-4810-9CD3-5FD824998DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C106C08E-0E74-417C-80B2-966F6FDC4B5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8E6DFEE-890F-4FEE-8728-DAE202F4F5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F5B8692-4A94-42EB-90F3-1E91FEFDC9C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "00552922-D792-48BC-94B2-95580562D898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "03C1A098-E5C7-48EB-A43D-0152DC11C6F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "84901E97-7D7A-47CB-A093-4E63E8BC52CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A60009AC-6D43-480B-965D-5AB7FC6A5099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0FCF7BC-6374-4083-956D-2BB3968500FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "15738E86-9D9D-4698-8495-DE62407476D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "99523CB4-F928-4F69-9EB5-5B75F5BE095F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4057493B-696A-48B5-8A10-477EF477863E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE637D63-208C-4367-A458-B1A9C7CBD2AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81AFD0B2-3616-4A03-8DA1-BAF730E3FF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA8C17F-7CD1-4065-A3E8-A6031A59FDAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "79C0460B-047B-401D-B974-A769100AEA19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6011DD55-2234-4C3B-B39A-8FE144070200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "667A36C1-B555-4969-8190-F8B39D837A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBEB14F9-00D9-4BC9-92FC-BFCD1FFD4045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA7F49F-5C6B-4B01-8B57-563797248F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF31DCB1-4B9E-462B-990B-921859AFAC07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64B5757A-F241-4D5D-A2A4-F62DCAE85983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CBF961E-1AB7-41A8-A05A-EFBA91AA1461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09F4BBA9-8BFF-4597-B48D-FA0DCC91F81D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C2DB25B9-7624-4843-9005-C233A7AB63B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3E94B2-361D-4865-82C1-54CDE9984ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6EAF9DA2-30E9-4F2F-91CE-C99C5F8F8FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "879DABA2-4EAA-4181-B3CC-5B923FD81954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D62404B-CA83-4056-92E1-7BC33C478509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "017997EC-E624-4861-B4D3-F109D067E813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E510BAF-E642-4B45-BE0E-D8B862E98D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAD0054-2A37-45BA-A063-5AB5299E462B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F778D723-ED19-48BA-87AA-30846BB666BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C084609A-9742-4D80-8F32-EBB5249C869E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8730E0B4-A26D-4834-816A-2B6BD9B680C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "47B941E9-B517-485C-9B28-7FFBBEB14F81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4193E4D-61AF-4619-8E0E-9DE1EAE86715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82C33F9E-1EE2-4F54-88F8-93560D33EB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87D289C7-A5B5-4AA0-A51E-5896BFC4F157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD08581-CFA9-49BB-9372-A56B8053C716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "08E431D4-E226-493E-BB29-9C2AB0CB0A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "81201017-D862-431C-96DA-0A404C602979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F22828E7-3854-4C3C-96A8-83EC2D8593DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "52C459F7-49AB-4318-B81F-1CD83B27494A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A7368E64-4713-4EFA-BCFF-D9C21B6BDA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF003BA-2C97-4B3F-8C37-AB168202F268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9407AF-3C84-445B-8C9B-6968F828714D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "16BBFB33-491D-4889-8A97-FE3EA7A91C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1335AAA7-4C03-4E23-8DE6-250854AE5E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "291D89FA-3D49-4647-88C1-4BC5DAD74756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4708F92B-70C2-405F-B3CA-C753945D0C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "601103FC-B3A6-4153-9E1A-BC997C1C8140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9706D77-722B-4926-988B-5A9D5BCFC97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4ED09F-9953-40D1-9361-93A274DB38F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0266B3E3-F6C6-4E6E-981A-89BE75886283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36CBA8A4-3117-43E3-8D9A-DBCFE29DD111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D06EBE1-7DD0-42A7-8E20-FDA8A1DA3005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55723A30-823F-4142-82EE-E5C4CBAF73E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11AB57AB-6D32-45EC-8E2B-91F3946C3914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBCB02E-D80E-49EB-9DAD-138ED715BC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D16A62-50BA-4D5F-961D-34A22599D861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "10F6D7B9-DB63-42E9-A992-20F0545A13C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "72DA345D-51BD-4D4A-BCB4-07F83777B7E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "883F2B84-F735-4D43-BB81-E05E7C50FF6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EF2AF650-F211-4C44-A975-40BCCF10AD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB9F9C0-55BC-48C7-A74D-A5566502652F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "861C2791-AA1A-403B-AA33-FC08D1B5A686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E22B3D9-5C19-40C5-A456-F73C70F712DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C9508E14-8503-4E9A-ADFA-041EAA67E4A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "85571949-C20C-47F2-87CF-0D59296C08A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4215A7F7-0E7D-4EB5-980C-FB45A23FA502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE4DF39-F335-40BD-8665-5DA8B37CB796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3A703B-A52C-4E32-B800-889127AC51BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B84A6E2C-7E1A-4738-A40F-9FB3D1C579AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "082F52B8-6025-4A37-82CC-7079797B50D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AACAF48-1335-4760-9F75-6E1540847929",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."
},
{
"lang": "es",
"value": "El comando get1, como el usado por lftpget, en LFTP anterior v4.0.6 no valida adecuadamente el nombre de fichero proporcionado por el servidor antes de determinadar el nombre de fichero destino de una descarga, lo que permite a servidores crear o sobreescribir ficheros de su elecci\u00f3n a trav\u00e9s de una cabecera Content-disposition que sugiere un nombre de fichero manipulado, y probablemente ejecutar c\u00f3digo de su elecci\u00f3n como consecuencia de escribir un fichero punto en el directorio home. \r\n"
}
],
"id": "CVE-2010-2251",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-06T17:17:13.267",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lftp.yar.ru/news.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=127411372529485\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=127432968701342\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=127611288927500\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=oss-security\u0026m=127620248914170\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/40400"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2010-0073"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2010/dsa-2085"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/advisories/ocert-2010-001.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/514499/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1654"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lftp.yar.ru/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127411372529485\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127432968701342\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127611288927500\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=127620248914170\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/40400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2010-0073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/advisories/ocert-2010-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/514499/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602836"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.