Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2779

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-2779
Last Modified 07 Mar 2011 10:09:44
Published 19 Jun 2008 04:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2779

Summary

Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Vulnerable Systems

Application

  • Globalscape Cuteftp 8.2.0


References

XF - cuteftp-list-directory-traversal(42633)

VUPEN - ADV-2008-1653

SECTRACK - 1020113

MISC - http://vuln.sg/cuteftp820-en.html

SECUNIA - 29760


Last Updated: 27 May 2016 10:47:58