CVE-2007-2348 - OpenCVE

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Alexander V. Lukyanov	Lftp

Configuration 1 [-]

cpe:2.3:a:alexander_v._lukyanov:lftp:*:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=173524
http://lftp.yar.ru/news.html
http://rhn.redhat.com/errata/RHSA-2009-1278.html
http://secunia.com/advisories/25107
http://secunia.com/advisories/25132
http://secunia.com/advisories/36559
http://www.securityfocus.com/bid/23736
http://www.vupen.com/english/advisories/2007/1590
https://issues.rpath.com/browse/RPL-1229
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10806

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2007-04-27T18:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2007-04-27T00:00:00

Link: CVE-2007-2348

JSON object: View

NVD Information

Status : Modified

Published: 2007-04-27T18:19:00.000

Modified: 2023-11-07T02:00:36.040

Link: CVE-2007-2348

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as \"get\" which could overwrite executable files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "36559", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36559"}, {"name": "ADV-2007-1590", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1590"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1229"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=173524"}, {"name": "25107", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25107"}, {"name": "RHSA-2009:1278", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2009-1278.html"}, {"name": "23736", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23736"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://lftp.yar.ru/news.html"}, {"name": "25132", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25132"}, {"name": "oval:org.mitre.oval:def:10806", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10806"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-2348", "datePublished": "2007-04-27T18:00:00", "dateReserved": "2007-04-27T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alexander_v._lukyanov:lftp:*:*:*:*:*:*:*:*", "matchCriteriaId": "47F5BBDA-3E9F-430B-8C79-C622ABBB14E3", "versionEndIncluding": "3.5.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as \"get\" which could overwrite executable files."}, {"lang": "es", "value": "La secuencia de comandos mirror en lftp anterior a 3.5.9 no cita adecaudamente el interprete de car\u00e1cteres metacaracter, lo cual podr\u00eda permitir atacantes con la intervenci\u00f3n del usuario ejecutar comandos del interprete de comandos (shell) a trav\u00e9s de secuencias de comandos maliciosas. NOTA: no est\u00e1 claro si este asunto cruza los l\u00edmites de la seguridad, puesto que que la secuencia de comandos apoya comandos como por ejemplo \u201cget\u201d que podr\u00edan sobreescribir ficheros ejecutables."}], "id": "CVE-2007-2348", "lastModified": "2023-11-07T02:00:36.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-04-27T18:19:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=173524"}, {"source": "secalert@redhat.com", "url": "http://lftp.yar.ru/news.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2009-1278.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25107"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25132"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/36559"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/23736"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1590"}, {"source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-1229"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10806"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "This issue does not affect lftp as supplied with Red Hat Enterprise Linux 3.\n\nThis issue was addressed for Red Hat Enterprise Linux 5 by\nhttps://rhn.redhat.com/errata/RHSA-2009-1278.html\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update to Red Hat Enterprise Linux 4 may address this flaw.", "lastModified": "2009-09-02T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}