Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4266

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-4266
Last Modified 21 Feb 2012 12:00:00
Published 13 Dec 2011 06:55:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4266

Summary

Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.

Vulnerable Systems

Application

  • Ffftp 1.79a

  • Ffftp 1.80

  • Ffftp 1.81

  • Ffftp 1.82

  • Ffftp 1.83

  • Ffftp 1.84

  • Ffftp 1.85

  • Ffftp 1.86

  • Ffftp 1.86a

  • Ffftp 1.87

  • Ffftp 1.87a

  • Ffftp 1.88

  • Ffftp 1.88a

  • Ffftp 1.88b

  • Ffftp 1.89

  • Ffftp 1.89a

  • Ffftp 1.89b

  • Ffftp 1.90

  • Ffftp 1.91

  • Ffftp 1.92

  • Ffftp 1.92a

  • Ffftp 1.92b

  • Ffftp 1.92c

  • Ffftp 1.93

  • Ffftp 1.94

  • Ffftp 1.94a

  • Ffftp 1.95

  • Ffftp 1.96

  • Ffftp 1.96a

  • Ffftp 1.96b

  • Ffftp 1.96c

  • Ffftp 1.96d

  • Ffftp 1.97

  • Ffftp 1.97a

  • Ffftp 1.97b

  • Ffftp 1.98


References

CONFIRM - http://sourceforge.jp/projects/ffftp/wiki/Security

JVNDB - JVNDB-2011-000104

JVN - JVN#94002296


Last Updated: 27 May 2016 10:57:52