Oval Definition:	oval:org.mitre.oval:def:13484
Revision Date: 2014-06-30 Version: 20 Title: USN-984-1 -- lftp vulnerability Description: It was discovered that LFTP incorrectly filtered filenames suggested by Content-Disposition headers. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, such as a dotfile, and possibly run arbitrary code. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2010-2251 USN-984-1 USN-984-1 Platform(s): Ubuntu 10.04 Ubuntu 8.04 Ubuntu 9.04 Ubuntu 9.10 Product(s): lftp Definition Synopsis Release section Ubuntu 8.04 is installed AND Supported architectures section Installed architecture is sparc OR Installed architecture is i386 OR Installed architecture is amd64 OR Installed architecture is lpia OR Installed architecture is powerpc AND lftp DPKG is earlier than 3.6.1-1ubuntu0.1 OR Release section Ubuntu 10.04 is installed AND Supported architectures section Installed architecture is sparc OR Installed architecture is i386 OR Installed architecture is amd64 OR Installed architecture is powerpc AND lftp DPKG is earlier than 4.0.2-1ubuntu0.1 OR Release section Ubuntu 9.04 is installed AND Supported architectures section Installed architecture is sparc OR Installed architecture is i386 OR Installed architecture is amd64 OR Installed architecture is lpia OR Installed architecture is powerpc AND lftp DPKG is earlier than 3.7.8-1ubuntu0.1 OR Release section Ubuntu 9.10 is installed AND Supported architectures section Installed architecture is sparc OR Installed architecture is i386 OR Installed architecture is amd64 OR Installed architecture is lpia OR Installed architecture is powerpc AND lftp DPKG is earlier than 3.7.15-1ubuntu2.1
BACK