CVE-2007-2348

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:alexander_v._lukyanov:lftp:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:30

Type Values Removed Values Added
References () http://bugs.gentoo.org/show_bug.cgi?id=173524 - () http://bugs.gentoo.org/show_bug.cgi?id=173524 -
References () http://lftp.yar.ru/news.html - () http://lftp.yar.ru/news.html -
References () http://rhn.redhat.com/errata/RHSA-2009-1278.html - () http://rhn.redhat.com/errata/RHSA-2009-1278.html -
References () http://secunia.com/advisories/25107 - () http://secunia.com/advisories/25107 -
References () http://secunia.com/advisories/25132 - () http://secunia.com/advisories/25132 -
References () http://secunia.com/advisories/36559 - () http://secunia.com/advisories/36559 -
References () http://www.securityfocus.com/bid/23736 - () http://www.securityfocus.com/bid/23736 -
References () http://www.vupen.com/english/advisories/2007/1590 - () http://www.vupen.com/english/advisories/2007/1590 -
References () https://issues.rpath.com/browse/RPL-1229 - () https://issues.rpath.com/browse/RPL-1229 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10806 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10806 -

Information

Published : 2007-04-27 18:19

Updated : 2024-11-21 00:30


NVD link : CVE-2007-2348

Mitre link : CVE-2007-2348

CVE.ORG link : CVE-2007-2348


JSON object : View

Products Affected

alexander_v._lukyanov

  • lftp