Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5275

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5275
Last Modified 14 Apr 2009 01:38:33
Published 28 Nov 2008 02:00:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5275

Summary

Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.

Vulnerable Systems

Application

  • Net2ftp 0.96

  • Net2ftp 0.97


References

XF - net2ftp-requesthandling-code-execution(42994)

BID - 29664

MISC - http://vuln.sg/net2ftp096-en.html

SECUNIA - 30611


Last Updated: 27 May 2016 10:48:46