CVE-2008-2779 - OpenCVE

Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Globalscape	Cuteftp

Configuration 1 [-]

OR	cpe:2.3:a:globalscape:cuteftp:8.2.0::home:::::
	cpe:2.3:a:globalscape:cuteftp:8.2.0::pro:::::

No data.

References

Link	Providers
http://secunia.com/advisories/29760
http://vuln.sg/cuteftp820-en.html
http://www.securitytracker.com/id?1020113
http://www.vupen.com/english/advisories/2008/1653/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42633

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-19T20:00:00

Updated: 2024-08-07T09:14:14.583Z

Reserved: 2008-06-19T00:00:00

Link: CVE-2008-2779

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-06-19T20:41:00.000

Modified: 2017-08-08T01:31:19.263

Link: CVE-2008-2779

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-27T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "cuteftp-list-directory-traversal(42633)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42633"}, {"tags": ["x_refsource_MISC"], "url": "http://vuln.sg/cuteftp820-en.html"}, {"name": "29760", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29760"}, {"name": "1020113", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020113"}, {"name": "ADV-2008-1653", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1653/references"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2779", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cuteftp-list-directory-traversal(42633)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42633"}, {"name": "http://vuln.sg/cuteftp820-en.html", "refsource": "MISC", "url": "http://vuln.sg/cuteftp820-en.html"}, {"name": "29760", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29760"}, {"name": "1020113", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020113"}, {"name": "ADV-2008-1653", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1653/references"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:14:14.583Z"}, "title": "CVE Program Container", "references": [{"name": "cuteftp-list-directory-traversal(42633)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42633"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://vuln.sg/cuteftp820-en.html"}, {"name": "29760", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29760"}, {"name": "1020113", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020113"}, {"name": "ADV-2008-1653", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1653/references"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2779", "datePublished": "2008-06-19T20:00:00", "dateReserved": "2008-06-19T00:00:00", "dateUpdated": "2024-08-07T09:14:14.583Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:globalscape:cuteftp:8.2.0:*:home:*:*:*:*:*", "matchCriteriaId": "12174378-67EA-41D0-B91A-911F81722A29", "vulnerable": true}, {"criteria": "cpe:2.3:a:globalscape:cuteftp:8.2.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A91A19CF-CEDE-4626-9577-0DF44D2B7586", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."}, {"lang": "es", "value": "Vulnerabilidad de Salto de Directorio en GlobalSCAPE CuteFTP Home 8.2.0 Build0 2.26.2008.4 y CuteFTP Pro 8.2.0 Build 04.01.2008.1, permite en servidores FTP remotos crear y sobrescribir ficheros arbitrariamente mediante secuencias ..\\ (punto punto barra invertida) en respuesta a comandos LIST, un problema relacionado con la CVE-2002-1345. NOTA: puede aprovecharse para ejecuci\u00f3n de c\u00f3digo escribiendo en el fichero de inicio."}], "id": "CVE-2008-2779", "lastModified": "2017-08-08T01:31:19.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-06-19T20:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29760"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://vuln.sg/cuteftp820-en.html"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020113"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1653/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42633"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}