Vulnerability Description
Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted command line arguments
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ftplib | Ftplib | 3.1-1 |
References
- http://osvdb.org/35089
- http://securityreason.com/securityalert/2443
- http://www.securityfocus.com/archive/1/462952/100/0/threaded
- http://www.securityfocus.com/bid/22986
- http://osvdb.org/35089
- http://securityreason.com/securityalert/2443
- http://www.securityfocus.com/archive/1/462952/100/0/threaded
- http://www.securityfocus.com/bid/22986
FAQ
What is CVE-2007-1485?
CVE-2007-1485 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it ...
How severe is CVE-2007-1485?
CVE-2007-1485 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1485?
Check the references section above for vendor advisories and patch information. Affected products include: Ftplib Ftplib.