CVE-2008-2702
Last modified
CVE-2008-2702 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. EPSS estimates a 10.70% chance of exploitation in the next 30 days.
Description
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Estsoft | Alftp | 4.1 | Beta2 |
| Estsoft | Alftp | 5.0 | — |
References
- http://secunia.com/advisories/30559Third Party Advisory
- http://vuln.sg/alftp41b2-en.htmlExploit, Third Party Advisory
- http://www.securityfocus.com/bid/29585Exploit, Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2008/1763/referencesThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42900Third Party Advisory, VDB Entry
- http://secunia.com/advisories/30559Third Party Advisory
- http://vuln.sg/alftp41b2-en.htmlExploit, Third Party Advisory
- http://www.securityfocus.com/bid/29585Exploit, Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2008/1763/referencesThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42900Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-2702?
How severe is CVE-2008-2702?
How do I fix CVE-2008-2702?
Are you affected by CVE-2008-2702?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST