CVE-2008-2779 - OpenCVE

Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Globalscape	Cuteftp

Configuration 1 [-]

OR	cpe:2.3:a:globalscape:cuteftp:8.2.0::home:::::
	cpe:2.3:a:globalscape:cuteftp:8.2.0::pro:::::

References

Link	Resource
http://secunia.com/advisories/29760	Vendor Advisory
http://vuln.sg/cuteftp820-en.html	Exploit
http://www.securitytracker.com/id?1020113
http://www.vupen.com/english/advisories/2008/1653/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42633

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-19T20:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-06-19T00:00:00

Link: CVE-2008-2779

JSON object: View

NVD Information

Status : Modified

Published: 2008-06-19T20:41:00.000

Modified: 2017-08-08T01:31:19.263

Link: CVE-2008-2779

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-27T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "cuteftp-list-directory-traversal(42633)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42633"}, {"tags": ["x_refsource_MISC"], "url": "http://vuln.sg/cuteftp820-en.html"}, {"name": "29760", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29760"}, {"name": "1020113", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020113"}, {"name": "ADV-2008-1653", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1653/references"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2779", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cuteftp-list-directory-traversal(42633)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42633"}, {"name": "http://vuln.sg/cuteftp820-en.html", "refsource": "MISC", "url": "http://vuln.sg/cuteftp820-en.html"}, {"name": "29760", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29760"}, {"name": "1020113", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020113"}, {"name": "ADV-2008-1653", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1653/references"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2779", "datePublished": "2008-06-19T20:00:00", "dateReserved": "2008-06-19T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:globalscape:cuteftp:8.2.0:*:home:*:*:*:*:*", "matchCriteriaId": "12174378-67EA-41D0-B91A-911F81722A29", "vulnerable": true}, {"criteria": "cpe:2.3:a:globalscape:cuteftp:8.2.0:*:pro:*:*:*:*:*", "matchCriteriaId": "A91A19CF-CEDE-4626-9577-0DF44D2B7586", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."}, {"lang": "es", "value": "Vulnerabilidad de Salto de Directorio en GlobalSCAPE CuteFTP Home 8.2.0 Build0 2.26.2008.4 y CuteFTP Pro 8.2.0 Build 04.01.2008.1, permite en servidores FTP remotos crear y sobrescribir ficheros arbitrariamente mediante secuencias ..\\ (punto punto barra invertida) en respuesta a comandos LIST, un problema relacionado con la CVE-2002-1345. NOTA: puede aprovecharse para ejecuci\u00f3n de c\u00f3digo escribiendo en el fichero de inicio."}], "id": "CVE-2008-2779", "lastModified": "2017-08-08T01:31:19.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-06-19T20:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29760"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://vuln.sg/cuteftp820-en.html"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020113"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1653/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42633"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}