PT-2011-5167 · Attachmate · Rftpcom.Dll+5
Francis Provencher · Published 2011-12-25 · Updated 2017-08-29 · CVE-2011-5012
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Attachmate Reflection 2008
Reflection 2011 R1 versions prior to 15.3.2.569
Reflection 2011 R1 SP1 versions prior to the latest update
Reflection 2011 R2 versions prior to 15.4.1.327
Reflection Windows Client 7.2 SP1 versions prior to hotfix 7.2.1186
Reflection 14.1 SP1 versions prior to 14.1.1.206
rftpcom.dll version 7.2.0.106
Description
A heap-based buffer overflow issue exists, allowing remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.
Recommendations
For Attachmate Reflection 2008, update to a newer version to mitigate the risk.
For Reflection 2011 R1, update to version 15.3.2.569 or later.
For Reflection 2011 R1 SP1, apply the latest update.
For Reflection 2011 R2, update to version 15.4.1.327 or later.
For Reflection Windows Client 7.2 SP1, apply hotfix 7.2.1186 or later.
For Reflection 14.1 SP1, update to version 14.1.1.206 or later.
For rftpcom.dll version 7.2.0.106, consider updating the library to a newer version.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related identifiers
Affected products
Attachmate Reflection 2008
Reflection 14.1 SP1
Reflection 2011 R1
Reflection 2011 R2
Reflection Windows Client 7.2 SP1
rftpcom.dll