CVE-2010-2251
lftp - file overwrite vulnerability
EPSS 2.4%
Description
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
How to fix CVE-2010-2251
To remediate CVE-2010-2251, upgrade the affected package to a fixed version below.
- Debian/lftp—upgrade to 4.0.6-1 or later
- —upgrade to 3.7.3-1+lenny1 or later
Is CVE-2010-2251 being exploited?
Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.0.6-1
- from 0, < 3.7.3-1+lenny1