Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2011-5012
Last Modified 07 Jan 2014 11:24:51
Published 24 Dec 2011 08:55:05
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-5012

Summary

Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.

Vulnerable Systems

Application

  • Attachmate Reflection 14.1
  • Attachmate Reflection 2008
  • Attachmate Reflection 2008r1 Sp1
  • Attachmate Reflection 2008r2
  • Attachmate Reflection 2011r1
  • Attachmate Reflection 7.2

References

XF - attachmate-reflection-list-bo(71330)

SECTRACK - 1026340

MISC - http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29

OSVDB - 77189

EXPLOIT-DB - 18119

CONFIRM - http://support.attachmate.com/techdocs/2502.html

CONFIRM - http://support.attachmate.com/techdocs/2288.html

CONFIRM - http://support.attachmate.com/techdocs/1708.html

SECUNIA - 46879


Last Updated: 27 May 2016 10:57:58