CVE-2004-1277

Properties

Published:
09.01.2005
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:C/A:N/B:N) Approximated
    Product:
    IglooFTP: IglooFTP

    Vulnerability description

    The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters.

    References:

    University of Illinois at Chicago: http://tigger.uic.edu/~jlongs2/holes/iglooftp2.txt
    XF: http://xforce.iss.net/xforce/xfdb/18561