CVE-2010-2695 - OpenCVE

Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xlightftpd	Xlight Ftp Server

Configuration 1 [-]

OR	cpe:2.3:a:xlightftpd:xlight_ftp_server:3.5:::::::*
	cpe:2.3:a:xlightftpd:xlight_ftp_server:3.5.5:::::::*

No data.

References

Link	Providers
http://osvdb.org/66037
http://secunia.com/advisories/40473
http://www.securityfocus.com/archive/1/512192/100/0/threaded
http://www.xlightftpd.com/whatsnew.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/60151

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-07-12T17:00:00

Updated: 2024-08-07T02:39:38.055Z

Reserved: 2010-07-12T00:00:00

Link: CVE-2010-2695

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-07-12T17:30:02.767

Modified: 2018-10-10T19:59:55.683

Link: CVE-2010-2695

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-05T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20100705 Xlight FTPd Multiple Directory Traversal in SFTP", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/512192/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.xlightftpd.com/whatsnew.htm"}, {"name": "xlight-sftp-directory-traversal(60151)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60151"}, {"name": "66037", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/66037"}, {"name": "40473", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40473"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2695", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20100705 Xlight FTPd Multiple Directory Traversal in SFTP", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/512192/100/0/threaded"}, {"name": "http://www.xlightftpd.com/whatsnew.htm", "refsource": "CONFIRM", "url": "http://www.xlightftpd.com/whatsnew.htm"}, {"name": "xlight-sftp-directory-traversal(60151)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60151"}, {"name": "66037", "refsource": "OSVDB", "url": "http://osvdb.org/66037"}, {"name": "40473", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40473"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:39:38.055Z"}, "title": "CVE Program Container", "references": [{"name": "20100705 Xlight FTPd Multiple Directory Traversal in SFTP", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/512192/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.xlightftpd.com/whatsnew.htm"}, {"name": "xlight-sftp-directory-traversal(60151)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60151"}, {"name": "66037", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/66037"}, {"name": "40473", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40473"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2695", "datePublished": "2010-07-12T17:00:00", "dateReserved": "2010-07-12T00:00:00", "dateUpdated": "2024-08-07T02:39:38.055Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xlightftpd:xlight_ftp_server:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "2E58D1D4-5895-4FDC-B12F-AF289077ABC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:xlightftpd:xlight_ftp_server:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E1F5820-9FD7-4851-8798-A2D66C5ABCF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en SFTP/SSH2 virtual server en Xlight FTP Server v3.5.0, v3.5.5, y posiblemente otras versiones anteriores a v3.6 permite a atacantes remotos autenticados leer, sobreescribir o eliminar ficheros arbitrarios mediante secuencias .. (punto punto) en (1) ls, (2) rm, (3) rename y otros otros comandos no especificados"}], "id": "CVE-2010-2695", "lastModified": "2018-10-10T19:59:55.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-07-12T17:30:02.767", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/66037"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40473"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/512192/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.xlightftpd.com/whatsnew.htm"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60151"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}