CVE-2017-15270 - OpenCVE

The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Psftp	Psftpd

Configuration 1 [-]

cpe:2.3:a:psftp:psftpd:10.0.4:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/541518/100/0/threaded
https://www.exploit-db.com/exploits/43144/	Third Party Advisory VDB Entry
https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-11-15T16:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2017-10-11T00:00:00

Link: CVE-2017-15270

JSON object: View

NVD Information

Status : Modified

Published: 2017-11-15T16:29:00.340

Modified: 2018-10-09T20:01:08.353

Link: CVE-2017-15270

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '\"' and ',' and '\\r' are not escaped and can be used to add new entries to the log."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html"}, {"name": "20171110 Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/541518/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/"}, {"name": "43144", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43144/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15270", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '\"' and ',' and '\\r' are not escaped and can be used to add new entries to the log."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html"}, {"name": "20171110 Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/541518/100/0/threaded"}, {"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/", "refsource": "MISC", "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/"}, {"name": "43144", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43144/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15270", "datePublished": "2017-11-15T16:00:00", "dateReserved": "2017-10-11T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:psftp:psftpd:10.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8B13806B-8D82-4705-8390-002602BDA270", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '\"' and ',' and '\\r' are not escaped and can be used to add new entries to the log."}, {"lang": "es", "value": "El servidor PSFTPd 10.0.4 Build 729 no escapa datos correctamente antes de escribirlos en un archivo CSV (Comma Separated Values). Esto puede ser empleado por atacantes para ocultar datos en la vista de interfaz gr\u00e1fica de usuario (GUI) y crear entradas arbitrarias hasta cierto extremo. Los caracteres especiales como las comillas (\"), las comas (,) y los saltos de carro (\\r)no se escapan, por lo que pueden emplearse para a\u00f1adir nuevas entradas al registro."}], "id": "CVE-2017-15270", "lastModified": "2018-10-09T20:01:08.353", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-15T16:29:00.340", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/541518/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43144/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}