LFTP 'Content-Disposition' HTTP Header Arbitrary File Overwrite Vulnerability

Bugtraq ID: 43728
Class: Input Validation Error
CVE: CVE-2010-2251
Remote: Yes
Local: No
Published: Oct 04 2010 12:00AM
Updated: May 07 2015 05:06PM
Credit: Hank Leininger and Solar Designer
Vulnerable: S.u.S.E. openSUSE 11.2
S.u.S.E. openSUSE 11.1
S.u.S.E. openSUSE 11.0
rPath rPath Linux 2
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
Gentoo Linux
Avaya Voice Portal 4.0
Avaya IQ 5.1
Avaya IQ 5
Avaya Integrated Management Suite (IMS) 0
Avaya CVLAN
Avaya Aura System Manager 1.0
Avaya Aura Presence Services 6.0
Avaya Aura Presence Services 0
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 4.2.3
Avaya Aura Application Enablement Services 4.2.2
Avaya Aura Application Enablement Services 4.2.1
Avaya Aura Application Enablement Services 4.0.1
Avaya Aura Application Enablement Services 5.2
Avaya Aura Application Enablement Services 4.2
Avaya Aura Application Enablement Services 4.1
Avaya Aura Application Enablement Services 4.0
Alexander V. Lukyanov lftp 2.6.9
+ OpenPKG OpenPKG Current
Alexander V. Lukyanov lftp 2.6.8
Alexander V. Lukyanov lftp 4.0.5
+ Redhat Enterprise Linux AS 3
+ Redhat Enterprise Linux ES 3
+ Redhat Enterprise Linux WS 3
+ Redhat Linux 9.0 i386
Alexander V. Lukyanov lftp 4.0.4
Alexander V. Lukyanov lftp 4.0.3
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
Alexander V. Lukyanov lftp 4.0.2
+ Redhat Linux 8.0 i386
Alexander V. Lukyanov lftp 4.0.1
+ Redhat Advanced Workstation for the Itanium Processor 2.1
+ Redhat Enterprise Linux AS 2.1 IA64
+ Redhat Enterprise Linux AS 2.1
+ Redhat Enterprise Linux ES 2.1
+ Redhat Enterprise Linux WS 2.1
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
Alexander V. Lukyanov lftp 4.0.0
Not Vulnerable: Alexander V. Lukyanov lftp 4.0.6


 

Copyright 2010, SecurityFocus