author | Baptiste Daroussin <bapt@FreeBSD.org> | 2010-09-03 13:57:14 +0000 |
committer | Baptiste Daroussin <bapt@FreeBSD.org> | 2010-09-03 13:57:14 +0000 |
commit | 096679336f47c0f1c0e5efb7603fe5690ff6d16a (patch) | |
tree | 488c31773d43f6a0f9e2b7d1669f0260901e35f4 /security/vuxml | |
parent | da3c00bf8bd1a7a6c3feb6b6bab7182898c3e8e0 (diff) |
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index dd598926bdc7..f9a12a989697 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,63 @@ Note: Please add new entries to the beginning of this file. -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="29b7e3f4-b6a9-11df-ae63-f255a795cb21">
+ <topic>lftp -- multiple HTTP client download filename vulnerability</topic>
+ <affects>
+ <package>
+ <name>lftp</name>
+ <range><lt>4.0.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The get1 command, as used by lftpget, in LFTP before 4.0.6 does not
+ properly validate a server-provided filename before determining the
+ destination filename of a download, which allows remote servers to create
+ or overwrite arbitrary files via a Content-Disposition header that
+ suggests a crafted filename, and possibly execute arbitrary code as a
+ consequence of writing to a dotfile in a home directory.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2010-2251</cvename>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=591580</url>
+ </references>
+ <dates>
+ <discovery>2010-06-09</discovery>
+ <entry>2010-09-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d754b7d2-b6a7-11df-826c-e464a695cb21">
+ <topic>wget -- multiple HTTP client download filename vulnerability</topic>
+ <affects>
+ <package>
+ <name>wget</name>
+ <name>wget-devel</name>
+ <range><lt>1.12_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GNU Wget 1.12 and earlier uses a server-provided filename instead
+ of the original URL to determine the destination filename of a download,
+ which allows remote servers to create or overwrite arbitrary files via
+ a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect
+ to a URL with a crafted filename, and possibly execute arbitrary code
+ as a consequence of writing to a dotfile in a home directory.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2010-2252</cvename>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=602797</url>
+ </references>
+ <dates>
+ <discovery>2010-06-09</discovery>
+ <entry>2010-09-03</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="3a7c5fc4-b50c-11df-977b-ecc31dd8ad06">
 <topic>p5-libwww -- possibility to remote servers to create file with a .(dot) character</topic>
 <affects> |
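Review bot: The wget entry applies one `<range><lt>1.12_1</lt></range>` to both `<name>wget</name>` and `<name>wget-devel</name>`, which is only correct if the devel port uses the same version scheme and received the fix at the same revision; if it does not, it should become its own `<package>` with its own `<range>`. Both upper bounds (`<lt>4.0.6</lt>` for lftp and `<lt>1.12_1</lt>` for wget) presume that a port update carrying the fix is already committed, so the entry is only accurate once those port bumps have landed — a vuxml entry whose bound names a version the tree does not yet ship will mark unpatched installs as clean after the next revision. The lftp topic reuses the phrase "multiple HTTP client download filename vulnerability" for a single package; since the CVE description inside the entry is specific to the `get1` command and Content-Disposition handling, a topic such as `lftp -- download filename taken from Content-Disposition header` would describe this entry more precisely. The hunk's trailing context appears to end at the `<affects>` line of the pre-existing p5-libwww entry, which is not part of this change.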