Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2007-4756
Last Modified 07 Mar 2011 09:59:08
Published 07 Sep 2007 09:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4756

Summary

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Vulnerable Systems

Application

  • Ghisler Total Commander 7.01


References

MISC - http://www.ghisler.com/whatsnew.htm

VUPEN - ADV-2007-3102

BID - 25581

BUGTRAQ - 20070906 [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal

SECUNIA - 26734

OSVDB - 39838

MISC - http://blog.hispasec.com/lab/advisories/adv_TotalCommander_7_01_Remote_Traversal.txt

XF - totalcommander-ftp-weak-security(36487)

XF - totalcommander-ftp-directory-traversal(36486)

SECTRACK - 1018662

SREASON - 3106


Last Updated: 27 May 2016 10:45:57