Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2009-1278

Опубликовано: 08 сент. 2009
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2009-1278: lftp security and bug fix update (LOW)

[3.7.11-4]

  • Resolves: #461922 - lftp 'help mirror' does not display all options defined in manpage

[3.7.11-3]

  • Resolves: #504594 - Alias ''edit' has multiple flaws

[3.7.11-2]

  • Resolves: #504591 - Problems with spaces in file names over HTTP
  • Resolves: #504594 - Alias ''edit' has multiple flaws

[3.7.11-1]

  • Resolves: #468858 - Clean up lftp source code - corrected licensing
  • Resolves: #458777 - License conflict between OpenSSL and GNU GPL v2 licenses in lftp
  • Resolves: #461922 - lftp 'help mirror' does not display all options defined in manpage
  • Resolves: #308721 - re-base to latest upstream 3.7.11

[3.7.3-1]

  • Resolves: #308721 rebase to latest upstream
  • Resolves: #239334 solves CVE-2007-2348
  • Resolves: #422881 fixes bug with -c options
  • Resolves: #434294 fixes bug in (m)put with usage -c option

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

lftp

3.7.11-4.el5

Oracle Linux x86_64

lftp

3.7.11-4.el5

Oracle Linux i386

lftp

3.7.11-4.el5

Связанные CVE

CVE-2007-2348

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2007-2348

ubuntu
около 18 лет назад

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

redhat логотип

CVE-2007-2348

redhat
больше 18 лет назад

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

nvd логотип

CVE-2007-2348

nvd
около 18 лет назад

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

debian логотип

CVE-2007-2348

debian
около 18 лет назад

mirror --script in lftp before 3.5.9 does not properly quote shell met ...

github логотип

GHSA-m4hr-2hrx-m38c

github
около 3 лет назад

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.