Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2519

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-2519
Last Modified 07 Mar 2011 10:09:18
Published 03 Jun 2008 10:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2519

Summary

Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Vulnerable Systems

Application

  • Core Ftp 2.1


References

CONFIRM - http://www.coreftp.com/forums/viewtopic.php?t=6078

XF - coreftp-list-directory-traversal(42605)

VUPEN - ADV-2008-1643

BID - 29362

MISC - http://vuln.sg/coreftp211565-en.html

SECUNIA - 30389


Last Updated: 27 May 2016 10:47:54