製品・ソフトウェアに関する情報
Vulnerability Search
lftp における入力確認に関する脆弱性
Title lftp における入力確認に関する脆弱性
Summary

lftp には、入力確認に関する脆弱性が存在します。

Possible impacts 情報を改ざんされる可能性があります。
Solution

ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date July 31, 2018, midnight
Registration Date Nov. 12, 2018, 4:17 p.m.
Last Update Nov. 12, 2018, 4:17 p.m.
CVSS3.0 : 警告
Score 6.5
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS2.0 : 危険
Score 7.8
Vector AV:N/AC:M/Au:N/C:N/I:P/A:C
Affected System
Canonical
Ubuntu 
Alexander V. Lukyanov
LFTP 4.8.3 およびそれ以前
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
No Changed Details Date of change
1 [2018年11月12日]
  掲載		 Nov. 12, 2018, 4:17 p.m.
NVD Vulnerability Information
CVE-2018-10916
Summary

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.

Publication Date Aug. 1, 2018, 11:29 p.m.
Registration Date March 1, 2021, 6:44 p.m.
Last Update Nov. 21, 2024, 12:42 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:lftp_project:lftp:*:*:*:*:*:*:*:* 4.8.3
Configuration2 or higher or less more than less than
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List