Download
| Alert*
oval:org.secpod.oval:def:1601152
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, result ... oval:org.secpod.oval:def:503611 LFTP is a file transfer utility for File Transfer Protocol , Secure File Transfer Protocol , Hypertext Transfer Protocol , and other commonly used protocols. It uses the readline library for input, and provides support for bookmarks, built-in monitoring, job control, and parallel transfer of multipl ... oval:org.secpod.oval:def:89003462 This update for lftp fixes the following issues: Security issue fixed: - CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of the local system . Other issue addressed: - The SSH login handling code detects password prompts more reliably . oval:org.secpod.oval:def:2103548 It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, result ... oval:org.secpod.oval:def:704252 lftp: Sophisticated command-line FTP/HTTP/BitTorrent client programs LFTP could be made to crash if it received specially crafted file. oval:org.secpod.oval:def:1504142 [4.4.8-12] - Resolves: #1611641 - CVE-2018-10916 lftp: particular remote file names may lead to current working directory erased oval:org.secpod.oval:def:1700368 It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, result ... oval:org.secpod.oval:def:51102 lftp: Sophisticated command-line FTP/HTTP/BitTorrent client programs LFTP could be made to crash if it received specially crafted file. oval:org.secpod.oval:def:205548 LFTP is a file transfer utility for File Transfer Protocol , Secure File Transfer Protocol , Hypertext Transfer Protocol , and other commonly used protocols. It uses the readline library for input, and provides support for bookmarks, built-in monitoring, job control, and parallel transfer of multipl ... oval:org.secpod.oval:def:2001260 It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, result ... |