certfr_avis - certa-2008-avi-271

CERTA-2008-AVI-271

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le client Core FTP permet d'exécuter du code arbitraire sur le poste de l'utilisateur.

Description

Une vulnérabilité de type « traversée de répertoires » a été découverte dans le client Core FTP. Un utilisateur malintentionné peut, par le biais d'un lien de téléchargement FTP, exécuter du code arbitraire sur la machine de sa victime.

Solution

Mettre à jour Core FTP en version 2.1 build 1568 (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Owncloud	Core	Core FTP Pro versions 2.1 build 1565 et antérieures.
	Owncloud	Core	Core FTP LE versions 2.1 build 1565 et antérieures ;

References

Title

Publication Time

Tags

Notes de version 2.1 de Core FTP du 27 mai 2008	None	vendor-advisory
Notes de version 2.1 de Core FTP du 27 mai 2008 :	-	other
Site de téléchargement de Core FTP :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Core FTP Pro versions 2.1 build 1565 et ant\u00e9rieures.",
      "product": {
        "name": "Core",
        "vendor": {
          "name": "Owncloud",
          "scada": false
        }
      }
    },
    {
      "description": "Core FTP LE versions 2.1 build 1565 et ant\u00e9rieures ;",
      "product": {
        "name": "Core",
        "vendor": {
          "name": "Owncloud",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type \u00ab travers\u00e9e de r\u00e9pertoires \u00bb a \u00e9t\u00e9 d\u00e9couverte\ndans le client Core FTP. Un utilisateur malintentionn\u00e9 peut, par le\nbiais d\u0027un lien de t\u00e9l\u00e9chargement FTP, ex\u00e9cuter du code arbitraire sur\nla machine de sa victime.\n\n## Solution\n\nMettre \u00e0 jour Core FTP en version 2.1 build 1568 (cf. section\nDocumentation).\n",
  "cves": [],
  "links": [
    {
      "title": "Notes de version 2.1 de Core    FTP du 27 mai 2008 :",
      "url": "http://www.coreftp.com/forums/viewtopic.php?t=6078"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement de Core    FTP :",
      "url": "http://www.coreftp.com/download.html"
    }
  ],
  "reference": "CERTA-2008-AVI-271",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le client \u003cspan class=\"textit\"\u003eCore FTP\u003c/span\u003e\npermet d\u0027ex\u00e9cuter du code arbitraire sur le poste de l\u0027utilisateur.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Core FTP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de version 2.1 de Core FTP du 27 mai 2008",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted