Vulnerability Description
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ncftp Software | Ncftp | 3.0.0 |
| Openbsd | Openbsd | 3.0 |
| Sun | Solaris | 2.6 |
| Sun | Sunos | - |
References
- ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html
- http://marc.info/?l=bugtraq&m=103962838628940&w=2
- http://www.iss.net/security_center/static/10821.php
- http://www.kb.cert.org/vuls/id/210409 (Patch, Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/6360
FAQ
What is CVE-2002-1345?
CVE-2002-1345 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path o...
How severe is CVE-2002-1345?
CVE-2002-1345 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1345?
Check the references section above for vendor advisories and patch information. Affected products include: Ncftp Software Ncftp, Openbsd Openbsd, Sun Solaris, Sun Sunos.