Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2007-2348

Опубликовано: 09 янв. 2007
Источник: redhat
CVSS2: 5.1
EPSS Низкий

Описание

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

Отчет

This issue does not affect lftp as supplied with Red Hat Enterprise Linux 3. This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1278.html The Red Hat Security Response Team has rated this issue as having low security impact, this issue will not fixed in Red Hat Enterprise Linux 4.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4lftpWill not fix
Red Hat Enterprise Linux 5lftpFixedRHSA-2009:127802.09.2009

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=236238lftp mirror --script does not escape names and targets of symbolic links

EPSS

Процентиль: 84%
0.0243
Низкий

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2007-2348

ubuntu
около 18 лет назад

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

nvd логотип

CVE-2007-2348

nvd
около 18 лет назад

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

debian логотип

CVE-2007-2348

debian
около 18 лет назад

mirror --script in lftp before 3.5.9 does not properly quote shell met ...

github логотип

GHSA-m4hr-2hrx-m38c

github
около 3 лет назад

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

oracle-oval логотип

ELSA-2009-1278

oracle-oval
почти 16 лет назад

ELSA-2009-1278: lftp security and bug fix update (LOW)

EPSS

Процентиль: 84%
0.0243
Низкий

5.1 Medium

CVSS2