Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1345

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1345
Last Modified 10 Sep 2008 03:14:22
Published 23 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1345

Summary

Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.

Vulnerable Systems

Operating System

  • Openbsd 3.0

  • Sun Solaris 2.6

  • Sun Solaris 7.0

Application

  • Ncftp Software Ncftp 3.0.0

  • Ncftp Software Ncftp 3.0.1

  • Ncftp Software Ncftp 3.0.2

  • Ncftp Software Ncftp 3.0.3

  • Ncftp Software Ncftp 3.0.4

  • Ncftp Software Ncftp 3.1.0

  • Ncftp Software Ncftp 3.1.1

  • Ncftp Software Ncftp 3.1.2

  • Ncftp Software Ncftp 3.1.3

  • Ncftp Software Ncftp 3.1.4


References

CERT-VN - VU#210409

BUGTRAQ - 20021211 Directory Traversal Vulnerabilities in FTP Clients

SGI - 20021205-01-A

BID - 6360

XF - ftp-client-filename-traversal(10821)

VULNWATCH - 20021210 Directory Traversal Vulnerabilities in FTP Clients


Last Updated: 27 May 2016 10:37:17