CVE-2004-1276

Properties

Published:
09.01.2005
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:L/AC:L/Au:NR/C:N/I:C/A:N/B:N) Approximated
    Product:
    IglooFTP: IglooFTP

    Vulnerability description

    IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP.

    References:

    University of Illinois at Chicago: http://tigger.uic.edu/~jlongs2/holes/iglooftp.txt
    XF: http://xforce.iss.net/xforce/xfdb/18632