CVE-2009-3478 - OpenCVE

Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox
Nightlight	Fireftp

Configuration 1 [-]

AND

cpe:2.3:a:nightlight:fireftp:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/36860
http://vuln.sg/fireftp105-en.html
http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74%3Br2=1.75%3Bf=h
http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.75%3Br2=1.76%3Bf=h
http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diff?r1=1.8%3Br2=1.9%3Bf=h
http://www.securityfocus.com/bid/36536

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-09-29T23:00:00Z

Updated: 2024-09-16T22:50:56.647Z

Reserved: 2009-09-29T00:00:00Z

Link: CVE-2009-3478

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-09-29T23:30:00.313

Modified: 2023-11-07T02:04:26.753

Link: CVE-2009-3478

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing \" (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-09-29T23:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74%3Br2=1.75%3Bf=h"}, {"tags": ["x_refsource_MISC"], "url": "http://vuln.sg/fireftp105-en.html"}, {"name": "36860", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36860"}, {"name": "36536", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36536"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diff?r1=1.8%3Br2=1.9%3Bf=h"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.75%3Br2=1.76%3Bf=h"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3478", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing \" (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74;r2=1.75;f=h", "refsource": "CONFIRM", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74;r2=1.75;f=h"}, {"name": "http://vuln.sg/fireftp105-en.html", "refsource": "MISC", "url": "http://vuln.sg/fireftp105-en.html"}, {"name": "36860", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36860"}, {"name": "36536", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36536"}, {"name": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diff?r1=1.8;r2=1.9;f=h", "refsource": "CONFIRM", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diff?r1=1.8;r2=1.9;f=h"}, {"name": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.75;r2=1.76;f=h", "refsource": "CONFIRM", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.75;r2=1.76;f=h"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:31:10.368Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74%3Br2=1.75%3Bf=h"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://vuln.sg/fireftp105-en.html"}, {"name": "36860", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36860"}, {"name": "36536", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36536"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diff?r1=1.8%3Br2=1.9%3Bf=h"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.75%3Br2=1.76%3Bf=h"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3478", "datePublished": "2009-09-29T23:00:00Z", "dateReserved": "2009-09-29T00:00:00Z", "dateUpdated": "2024-09-16T22:50:56.647Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nightlight:fireftp:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "9727600C-CCB5-4D51-B788-D341259E659C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing \" (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de argumento en (1) src/content/js/connection/sftp.js y (2) src/content/js/connection/controlSocket.js.in en extensi\u00f3n FireFTP v1.0.5 para Firefox permite a usuarios SFTP autenticados remotamente provocar alteraciones de permisos de usuarios, eliminar, descargar, o mover el fichero err\u00f3neo a trav\u00e9s de un nombre de fichero que contenga \" (doble comilla), lo que no es filtrado o codificado adecuadamente cuando FireFTP crea el comando de env\u00edo a psftp.exe."}], "id": "CVE-2009-3478", "lastModified": "2023-11-07T02:04:26.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-09-29T23:30:00.313", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36860"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://vuln.sg/fireftp105-en.html"}, {"source": "cve@mitre.org", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74%3Br2=1.75%3Bf=h"}, {"source": "cve@mitre.org", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.75%3Br2=1.76%3Bf=h"}, {"source": "cve@mitre.org", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diff?r1=1.8%3Br2=1.9%3Bf=h"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/36536"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}