PT-2008-4219 · Globalscape · Cuteftp Home+1

Published

2008-06-19

Updated

2017-08-08

CVE-2008-2779

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CuteFTP Home version 8.2.0 Build 02.26.2008.4 CuteFTP Pro version 8.2.0 Build 04.01.2008.1

Description A directory traversal issue allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot backslash) sequences in responses to LIST commands. This can potentially be leveraged for code execution by writing to a Startup folder.

Recommendations For CuteFTP Home version 8.2.0 Build 02.26.2008.4, consider disabling the ability to write files to arbitrary locations until a patch is available. For CuteFTP Pro version 8.2.0 Build 04.01.2008.1, restrict access to the LIST command to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2008-2779

Affected Products

Cuteftp Home

Cuteftp Pro

PT-2008-4219 · Globalscape · Cuteftp Home+1

CVE-2008-2779

Weakness Enumeration

Related Identifiers

Affected Products

References · 6