{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-25T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0073"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602836"}, {"name": "ADV-2010-1654", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1654"}, {"name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"name": "FEDORA-2010-9819", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "40400", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40400"}, {"name": "DSA-2085", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2085"}, {"name": "20101027 rPSA-2010-0073-1 lftp", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/514499/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://lftp.yar.ru/news.html"}, {"name": "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127432968701342&w=2"}, {"name": "[oss-security] 20100610 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127620248914170&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2251", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"name": "http://wiki.rpath.com/Advisories:rPSA-2010-0073", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0073"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=602836", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602836"}, {"name": "ADV-2010-1654", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1654"}, {"name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"name": "FEDORA-2010-9819", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html"}, {"name": "http://www.ocert.org/advisories/ocert-2010-001.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=591580", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"name": "SUSE-SR:2010:014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "40400", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40400"}, {"name": "DSA-2085", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2085"}, {"name": "20101027 rPSA-2010-0073-1 lftp", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/514499/100/0/threaded"}, {"name": "http://lftp.yar.ru/news.html", "refsource": "CONFIRM", "url": "http://lftp.yar.ru/news.html"}, {"name": "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127432968701342&w=2"}, {"name": "[oss-security] 20100610 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127620248914170&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:25:07.558Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0073"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602836"}, {"name": "ADV-2010-1654", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1654"}, {"name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"name": "FEDORA-2010-9819", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "40400", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40400"}, {"name": "DSA-2085", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2085"}, {"name": "20101027 rPSA-2010-0073-1 lftp", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/514499/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://lftp.yar.ru/news.html"}, {"name": "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127432968701342&w=2"}, {"name": "[oss-security] 20100610 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127620248914170&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2251", "datePublished": "2010-07-06T14:00:00.000Z", "dateReserved": "2010-06-09T00:00:00.000Z", "dateUpdated": "2024-08-07T02:25:07.558Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:*:*:*:*:*:*:*:*", "matchCriteriaId": "91BE07CA-6242-4E5D-8153-66449FBE2E92", "versionEndIncluding": "4.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E071227F-6AC4-4E5E-B1C4-C6C77D906AE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FC49DA4-46ED-4C27-91A5-56DED988EFF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BFB7F72C-059A-40D2-B7AB-1F270093D1CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E692331E-EC84-460F-94C5-352A1D81AB3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9047CB53-9B88-4721-ABE1-247108E2018E", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F54B81F9-49CD-4D10-82E7-590091D87F47", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E50FE11C-70B6-4A20-A83C-DF44F01BA441", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "67337852-E080-4187-ADD4-5B79DADD2FFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "75D50FC5-CB47-4DC7-914B-1C3D828BD526", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "8A063BC5-F22E-436D-BD74-867D53383857", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CA60DB67-3ED0-4698-9E40-5AFF248EC953", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "54505721-7976-4C01-8C66-EBAA112A8633", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "54D84499-91AC-485F-86A2-38A246A9BC7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "5055C435-643D-44F5-A0CD-4720A481A30C", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "DFD78A02-B657-4777-BB43-503918B45D2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "5CF9FCE1-610B-4D0D-9252-ACC6AD36CA09", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "804D73E1-8558-4E6A-8914-E768680114CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5AB3AAA-7796-4283-B1D8-84C191B8B20A", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.0a:*:*:*:*:*:*:*", "matchCriteriaId": "16638172-55AD-4234-A158-B151299FD885", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBF236B6-74C8-460D-87E5-95C182CC94F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "36EE177E-89ED-4953-8C9A-5F1606F75B71", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4A25B0AA-407B-46C5-AE62-3A9AA7C86E62", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "6909555D-FA9F-4E91-B176-E709A75E9BF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "99822672-85E5-4968-BDE7-0489EC054474", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "816E076D-7EFA-4D1E-B15A-93E3564898D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "39A0F70E-3C7D-421C-A719-18ACEEB7B902", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4CB37AF-6032-4319-9AD0-5AD2F8C06503", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "72E65D53-0EC7-433A-B80F-87D163B05E13", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "10C86653-CB14-429E-809B-B46EF53A1EED", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "554D680C-1BE4-4890-B678-D39D7151E055", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "611129C7-5751-4885-A61C-705E2EE0318F", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "A06F7526-841F-49E3-AB2F-132A062723C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "8273E29C-DF2A-47AF-8987-75414F44E537", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "B924BEEF-F6D5-4F62-8265-61EE33451A72", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "867BBB3B-8104-42C4-8FEF-9EDA211FE460", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "A8B7F5B6-D34E-42A7-8646-9D1FC095CEDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "E8E0EE9F-0582-43DD-A5A0-E483423E8F15", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "DEAA8783-CB7D-4967-BB90-B9C93DBC1506", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "43DE821C-3178-4B73-8F15-A567AFF90940", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2AADD206-760E-470B-A9F4-981A268DAAEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "BCDFDED0-D6EA-45F7-AB8E-FF0EAE9B52FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F607A63C-E836-4ABF-A705-CC9AC5360E8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "07861E82-F2AA-4AD7-9341-8FA3D76BD7CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "EDEA0CD8-A751-4629-92A4-CF3F42A96745", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "92FC73D2-24C0-4C20-B309-C81F57287180", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "AA088222-3E89-4C80-A5E7-1DD7303BBF4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "6EF18837-2EB8-4E76-85F4-C76C7494BAE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "D112336D-FA6E-454D-9B0F-EEDB301AD127", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "DD194013-C2D5-43D2-BFEF-21A515224814", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CA23E0B-5392-4392-953B-D8A948AE5BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDC9C624-08A3-4996-81BA-3CC3C85459F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "07BB574A-166F-453F-899C-881C7F11B97A", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "430E34BA-F2A5-456A-94EC-41247E3EDBE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3590A44E-1F5D-4174-BA0E-B8FC854923AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "42857A56-4D5B-425C-BD04-B36C8EA5A265", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "80185A5F-151B-42B6-92C1-D2F7DE1FE918", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FF8FFF0-C8EF-4F2A-9AAC-D8943F1B56A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "929305F4-2C65-472B-B72B-F6F8231054E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6F9DB4E-3F80-4F55-A196-ED980E6B87E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3D26360D-8E29-42A1-B5C0-6625B52352A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "DEA467A4-F1FD-44E0-8444-590741EACCA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "D194098E-509A-4DEF-9C7A-E7D7E000F0D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "7043A058-1A78-488E-907A-C63FD61B4F15", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "4B30C4BF-0C0D-4DA8-87DC-4F4FD1EB5C12", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3A83F73-721A-4751-BE36-15EE2FC1ABE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "DF974EAF-D0F2-4810-9CD3-5FD824998DD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "C106C08E-0E74-417C-80B2-966F6FDC4B5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C8E6DFEE-890F-4FEE-8728-DAE202F4F5FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F5B8692-4A94-42EB-90F3-1E91FEFDC9C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "00552922-D792-48BC-94B2-95580562D898", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "03C1A098-E5C7-48EB-A43D-0152DC11C6F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "84901E97-7D7A-47CB-A093-4E63E8BC52CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A60009AC-6D43-480B-965D-5AB7FC6A5099", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C0FCF7BC-6374-4083-956D-2BB3968500FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "15738E86-9D9D-4698-8495-DE62407476D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "99523CB4-F928-4F69-9EB5-5B75F5BE095F", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "4057493B-696A-48B5-8A10-477EF477863E", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "AE637D63-208C-4367-A458-B1A9C7CBD2AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "81AFD0B2-3616-4A03-8DA1-BAF730E3FF9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "5EA8C17F-7CD1-4065-A3E8-A6031A59FDAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "79C0460B-047B-401D-B974-A769100AEA19", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6011DD55-2234-4C3B-B39A-8FE144070200", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "667A36C1-B555-4969-8190-F8B39D837A5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CBEB14F9-00D9-4BC9-92FC-BFCD1FFD4045", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7BA7F49F-5C6B-4B01-8B57-563797248F3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF31DCB1-4B9E-462B-990B-921859AFAC07", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "64B5757A-F241-4D5D-A2A4-F62DCAE85983", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CBF961E-1AB7-41A8-A05A-EFBA91AA1461", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "09F4BBA9-8BFF-4597-B48D-FA0DCC91F81D", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C2DB25B9-7624-4843-9005-C233A7AB63B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A3E94B2-361D-4865-82C1-54CDE9984ADB", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6EAF9DA2-30E9-4F2F-91CE-C99C5F8F8FE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "879DABA2-4EAA-4181-B3CC-5B923FD81954", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D62404B-CA83-4056-92E1-7BC33C478509", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "017997EC-E624-4861-B4D3-F109D067E813", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E510BAF-E642-4B45-BE0E-D8B862E98D17", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "4DAD0054-2A37-45BA-A063-5AB5299E462B", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "F778D723-ED19-48BA-87AA-30846BB666BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C084609A-9742-4D80-8F32-EBB5249C869E", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "8730E0B4-A26D-4834-816A-2B6BD9B680C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "47B941E9-B517-485C-9B28-7FFBBEB14F81", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4193E4D-61AF-4619-8E0E-9DE1EAE86715", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "82C33F9E-1EE2-4F54-88F8-93560D33EB01", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "87D289C7-A5B5-4AA0-A51E-5896BFC4F157", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7CD08581-CFA9-49BB-9372-A56B8053C716", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "08E431D4-E226-493E-BB29-9C2AB0CB0A93", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "81201017-D862-431C-96DA-0A404C602979", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "F22828E7-3854-4C3C-96A8-83EC2D8593DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "52C459F7-49AB-4318-B81F-1CD83B27494A", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "A7368E64-4713-4EFA-BCFF-D9C21B6BDA72", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "BDF003BA-2C97-4B3F-8C37-AB168202F268", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "DB9407AF-3C84-445B-8C9B-6968F828714D", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "16BBFB33-491D-4889-8A97-FE3EA7A91C5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "1335AAA7-4C03-4E23-8DE6-250854AE5E96", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "291D89FA-3D49-4647-88C1-4BC5DAD74756", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "4708F92B-70C2-405F-B3CA-C753945D0C26", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "601103FC-B3A6-4153-9E1A-BC997C1C8140", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E9706D77-722B-4926-988B-5A9D5BCFC97D", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8A4ED09F-9953-40D1-9361-93A274DB38F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "0266B3E3-F6C6-4E6E-981A-89BE75886283", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "36CBA8A4-3117-43E3-8D9A-DBCFE29DD111", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D06EBE1-7DD0-42A7-8E20-FDA8A1DA3005", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "55723A30-823F-4142-82EE-E5C4CBAF73E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "11AB57AB-6D32-45EC-8E2B-91F3946C3914", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "ABBCB02E-D80E-49EB-9DAD-138ED715BC91", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0D16A62-50BA-4D5F-961D-34A22599D861", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "10F6D7B9-DB63-42E9-A992-20F0545A13C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "72DA345D-51BD-4D4A-BCB4-07F83777B7E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "883F2B84-F735-4D43-BB81-E05E7C50FF6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "EF2AF650-F211-4C44-A975-40BCCF10AD44", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "ACB9F9C0-55BC-48C7-A74D-A5566502652F", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "861C2791-AA1A-403B-AA33-FC08D1B5A686", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "3E22B3D9-5C19-40C5-A456-F73C70F712DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "C9508E14-8503-4E9A-ADFA-041EAA67E4A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "85571949-C20C-47F2-87CF-0D59296C08A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:3.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "4215A7F7-0E7D-4EB5-980C-FB45A23FA502", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FE4DF39-F335-40BD-8665-5DA8B37CB796", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D3A703B-A52C-4E32-B800-889127AC51BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B84A6E2C-7E1A-4738-A40F-9FB3D1C579AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "082F52B8-6025-4A37-82CC-7079797B50D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5AACAF48-1335-4760-9F75-6E1540847929", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."}, {"lang": "es", "value": "El comando get1, como el usado por lftpget, en LFTP anterior v4.0.6 no valida adecuadamente el nombre de fichero proporcionado por el servidor antes de determinadar el nombre de fichero destino de una descarga, lo que permite a servidores crear o sobreescribir ficheros de su elecci\u00f3n a trav\u00e9s de una cabecera Content-disposition que sugiere un nombre de fichero manipulado, y probablemente ejecutar c\u00f3digo de su elecci\u00f3n como consecuencia de escribir un fichero punto en el directorio home. \r\n"}], "id": "CVE-2010-2251", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-07-06T17:17:13.267", "references": [{"source": "cve@mitre.org", "url": "http://lftp.yar.ru/news.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127432968701342&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127620248914170&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/40400"}, {"source": "cve@mitre.org", "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0073"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2085"}, {"source": "cve@mitre.org", "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/514499/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1654"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602836"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lftp.yar.ru/news.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127432968701342&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127620248914170&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40400"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/514499/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1654"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602836"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0585", "cpe": "cpe:/o:redhat:enterprise_linux:5", "impact": "moderate", "package": "lftp-0:3.7.11-4.el5_5.3", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2010-08-02T00:00:00Z"}], "bugzilla": {"description": "lftp: multiple HTTP client download filename vulnerability [OCERT 2010-001]", "id": "591580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "status": "verified"}, "details": ["The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."], "name": "CVE-2010-2251", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "impact": "moderate", "package_name": "lftp", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2010-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-2251\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2251"], "statement": "This issue did not affect the version of lftp as shipped with Red Hat Enterprise Linux 3 and 4 as they did not include support for renaming files to a server-suggested file name.", "threat_severity": "Moderate"}

{}