Vulnerability CVE-2007-1485
Published: 2007-03-16   Modified: 2012-02-12

Description:
** DISPUTED ** Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted command line arguments.

See advisories in our WLB2 database:
Topic
Author
Date
High
QFTP (LIBFtp 3.1-1) (command line) sprintf() local buffer overflow
starcadi starcad...
21.03.2007

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Ftplib -> Ftplib 

 References:
http://securityreason.com/securityalert/2443
http://www.securityfocus.com/archive/1/462952/100/0/threaded
http://www.securityfocus.com/bid/22986
Copyright 2024, cxsecurity.com

 

Back to Top