Main Vulnerability Database Vulnerabilities #VU14187

#VU14187 Security restrictions bypass in lftp - CVE-2018-10916

Published: August 2, 2018 / Updated: August 3, 2018

Vulnerability identifier: #VU14187

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-10916

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
lftp

Software vendor:
lftp

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper sanitization of remote file names. A remote unauthenticated attacker can trick the victim into using reverse mirroring on an attacker controlled FTP server bypass security restrictions and remove all files in the current working directory of the victim's system.

Remediation

Update to version 4.8.4.

External links

https://github.com/lavv17/lftp/commit/a27e07d90a4608ceaf928b1babb27d4d803e1992

#VU14187 Security restrictions bypass in lftp - CVE-2018-10916

Description

Remediation

External links

Please verify you're human