Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1294

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1294
Last Modified 10 Sep 2008 03:29:45
Published 10 Jan 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1294

Summary

The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.

Vulnerable Systems

Application

  • Luke Mewburn Tnftp 2003-08-25


References

XF - tnftp-mget-cmds-file-overwrite(18560)

MISC - http://tigger.uic.edu/~jlongs2/holes/tnftp.txt


Last Updated: 27 May 2016 10:38:58