Rapid7 Vulnerability & Exploit Database

RHSA-2010:0585: lftp security update

Back to Search

RHSA-2010:0585: lftp security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
07/06/2010
Created
07/25/2018
Added
08/12/2010
Modified
07/04/2017

Description

LFTP is a sophisticated file transfer program for the FTP and HTTPprotocols. Like Bash, it has job control and uses the Readline library forinput. It has bookmarks, built-in mirroring, and can transfer several filesin parallel. It is designed with reliability in mind.It was discovered that lftp trusted the file name provided in theContent-Disposition HTTP header. A malicious HTTP server could use thisflaw to write or overwrite files in the current working directory of avictim running lftp, by sending a different file from what the victimrequested. (CVE-2010-2251)To correct this flaw, the following changes were made to lftp: the"xfer:clobber" option now defaults to "no", causing lftp to not overwriteexisting files, and a new option, "xfer:auto-rename", which defaults to"no", has been introduced to control whether lftp should useserver-suggested file names. Refer to the "Settings" section of the lftp(1)manual page for additional details on changing lftp settings.All lftp users should upgrade to this updated package, which contains abackported patch to correct this issue.

Solution(s)

  • redhat-upgrade-lftp

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;