CVE-2008-2702

Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
References
Link Resource
http://vuln.sg/alftp41b2-en.html Exploit Third Party Advisory
http://www.securityfocus.com/bid/29585 Exploit Third Party Advisory
http://secunia.com/advisories/30559 Third Party Advisory
http://www.vupen.com/english/advisories/2008/1763/references Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42900 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:estsoft:alftp:4.1:beta2:*:en:*:*:*:*
cpe:2.3:a:estsoft:alftp:5.0:*:*:ko:*:*:*:*

Information

Published : 2008-06-13 07:41

Updated : 2017-11-22 05:04


NVD link : CVE-2008-2702

Mitre link : CVE-2008-2702

Products Affected
No products.
CWE