CVE-2009-3478 - OpenCVE

Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Nightlight	Fireftp
Mozilla	Firefox

Configuration 1 [-]

AND

cpe:2.3:a:nightlight:fireftp:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/36860	Vendor Advisory
http://vuln.sg/fireftp105-en.html	Exploit
http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74%3Br2=1.75%3Bf=h
http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.75%3Br2=1.76%3Bf=h
http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diff?r1=1.8%3Br2=1.9%3Bf=h
http://www.securityfocus.com/bid/36536	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:23:56

Updated: 2022-10-03T16:23:56

Reserved: 2022-10-03T00:00:00

Link: CVE-2009-3478

JSON object: View

NVD Information

Status : Modified

Published: 2009-09-29T23:30:00.313

Modified: 2023-11-07T02:04:26.753

Link: CVE-2009-3478

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing \" (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:23:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74%3Br2=1.75%3Bf=h"}, {"tags": ["x_refsource_MISC"], "url": "http://vuln.sg/fireftp105-en.html"}, {"name": "36860", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36860"}, {"name": "36536", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36536"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diff?r1=1.8%3Br2=1.9%3Bf=h"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.75%3Br2=1.76%3Bf=h"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3478", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing \" (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74;r2=1.75;f=h", "refsource": "CONFIRM", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74;r2=1.75;f=h"}, {"name": "http://vuln.sg/fireftp105-en.html", "refsource": "MISC", "url": "http://vuln.sg/fireftp105-en.html"}, {"name": "36860", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36860"}, {"name": "36536", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36536"}, {"name": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diff?r1=1.8;r2=1.9;f=h", "refsource": "CONFIRM", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diff?r1=1.8;r2=1.9;f=h"}, {"name": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.75;r2=1.76;f=h", "refsource": "CONFIRM", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.75;r2=1.76;f=h"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3478", "datePublished": "2022-10-03T16:23:56", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:23:56", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nightlight:fireftp:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "9727600C-CCB5-4D51-B788-D341259E659C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing \" (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de argumento en (1) src/content/js/connection/sftp.js y (2) src/content/js/connection/controlSocket.js.in en extensi\u00f3n FireFTP v1.0.5 para Firefox permite a usuarios SFTP autenticados remotamente provocar alteraciones de permisos de usuarios, eliminar, descargar, o mover el fichero err\u00f3neo a trav\u00e9s de un nombre de fichero que contenga \" (doble comilla), lo que no es filtrado o codificado adecuadamente cuando FireFTP crea el comando de env\u00edo a psftp.exe."}], "id": "CVE-2009-3478", "lastModified": "2023-11-07T02:04:26.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-09-29T23:30:00.313", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36860"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://vuln.sg/fireftp105-en.html"}, {"source": "cve@mitre.org", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.74%3Br2=1.75%3Bf=h"}, {"source": "cve@mitre.org", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/controlSocket.js.in.diff?r1=1.75%3Br2=1.76%3Bf=h"}, {"source": "cve@mitre.org", "url": "http://www.mozdev.org/source/browse/fireftp/src/content/js/connection/sftp.js.diff?r1=1.8%3Br2=1.9%3Bf=h"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/36536"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}