CVE-2010-2251 — Improper Input Validation in Lftp

CWE-20 — Improper Input Validation9 documents7 sources

Severity

7.5HIGHNVD

EPSS

2.4%

top 14.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Alexander V Lukyanov Lftp Debian Lftp

Timeline

PublishedJul 6

Latest updateMay 14

Description

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/lftp< lftp 4.0.6-1 (bookworm)

▶Debianalexander_v_lukyanov/lftp< 4.0.6-1+3

▶NVDalexander_v_lukyanov/lftp4.0.5+141

🔴Vulnerability Details

GHSA

GHSA-96vc-4h75-gh5j: The get1 command, as used by lftpget, in LFTP before 4↗2022-05-14

▶

OSV

CVE-2010-2251: The get1 command, as used by lftpget, in LFTP before 4↗2010-07-06

▶

📋Vendor Advisories

Ubuntu

LFTP vulnerability↗2010-09-07

▶

Red Hat

lftp: multiple HTTP client download filename vulnerability [OCERT 2010-001]↗2010-05-17

▶

Debian

CVE-2010-2251: lftp - The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly val...↗2010

▶

💬Community

Bugzilla

CVE-2010-3842 mingw32-curl: Did not strip directory parts separated by backslashes, when downloading files↗2010-10-13

▶

Bugzilla

CVE-2010-2251 lftp: multiple HTTP client download filename vulnerability [OCERT 2010-001] [fedora-all]↗2010-06-10

▶

Bugzilla

CVE-2010-2251 lftp: multiple HTTP client download filename vulnerability [OCERT 2010-001]↗2010-05-12

▶