{ "id": "CVE-2011-4266", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2011-12-13T11:55:06.157", "lastModified": "2012-02-21T05:00:00.000", "vulnStatus": "Analyzed", "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991." }, { "lang": "es", "value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en FFFTP antes de v1.98d permite a usuarios locales conseguir privilegios a trav\u00e9s de un archivo troyano ejecutable en un directorio al que se accede para leer un archivo sin extensi\u00f3n, como lo demuestra la ejecuci\u00f3n del archivo README.exe cuando un usuario intenta acceder al archivo README. Se trata de una vulnerabilidad diferente a CVE-2011-3991." 
} ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3 }, "baseSeverity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:*:c:*:*:*:*:*:*", "versionEndIncluding": "1.98", "matchCriteriaId": "AA24ED59-5993-4ECE-B229-A1EFE66E38A5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.79a:*:*:*:*:*:*:*", "matchCriteriaId": "6079BDCD-8456-4EC4-A26B-D47D2C6BA538" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.80:*:*:*:*:*:*:*", "matchCriteriaId": "E21A59EC-4B60-4D1F-9133-1C1597928E7B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.81:*:*:*:*:*:*:*", "matchCriteriaId": "5818E00B-7695-4141-ADF9-211BA8827523" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.82:*:*:*:*:*:*:*", "matchCriteriaId": "89C6775E-2630-4DC0-B1C3-AFAE3EDEC076" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.83:*:*:*:*:*:*:*", "matchCriteriaId": "F01DC780-E509-4A5A-AD11-8FBA4D1EEA00" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.84:*:*:*:*:*:*:*", "matchCriteriaId": "F1F1232E-4E50-4A09-A016-A831E7817FE4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.85:*:*:*:*:*:*:*", "matchCriteriaId": "6187A8B8-26D3-44F0-9C7F-420EF14258F2" }, { "vulnerable": true, "criteria": 
"cpe:2.3:a:ffftp:ffftp:1.86:*:*:*:*:*:*:*", "matchCriteriaId": "EE5AB09B-FC1A-4DB2-8154-3A00510CAC02" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.86a:*:*:*:*:*:*:*", "matchCriteriaId": "66453CFD-9598-4D52-B354-957620F41E2A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.87:*:*:*:*:*:*:*", "matchCriteriaId": "7DF5207D-1873-493F-884D-C8275CA769FE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.87a:*:*:*:*:*:*:*", "matchCriteriaId": "B237E67E-A7D3-4F70-98DB-70D5276D7290" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.88:*:*:*:*:*:*:*", "matchCriteriaId": "80C23BA7-07B7-4243-B2AC-70B9368F36C2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.88a:*:*:*:*:*:*:*", "matchCriteriaId": "5B6DAA2D-A411-41F8-8375-518CC8055823" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.88b:*:*:*:*:*:*:*", "matchCriteriaId": "85DF6151-83F8-4DCE-A7FC-D972016BB6A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.89:*:*:*:*:*:*:*", "matchCriteriaId": "220F57C1-1FCF-474A-AF76-3503927E813C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.89a:*:*:*:*:*:*:*", "matchCriteriaId": "A7EC8554-8AC6-48A4-80C4-604204A26726" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.89b:*:*:*:*:*:*:*", "matchCriteriaId": "14534B40-97E2-4857-A6E1-01070D3E230C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.90:*:*:*:*:*:*:*", "matchCriteriaId": "0B78E33E-0729-4927-B78A-0A89F2964EF8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.91:*:*:*:*:*:*:*", "matchCriteriaId": "8402D8F5-79C7-4D17-9DE2-E80F94F9F790" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.92:*:*:*:*:*:*:*", "matchCriteriaId": "54ECEDAB-833B-4481-9905-9513725FC302" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.92a:*:*:*:*:*:*:*", "matchCriteriaId": "33C73FEA-0FB5-479C-9039-040EAAAAA6FE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.92b:*:*:*:*:*:*:*", 
"matchCriteriaId": "F858E6C3-7750-4AF3-93E7-3666236F17D7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.92c:*:*:*:*:*:*:*", "matchCriteriaId": "9BE4515E-5C99-46C5-A2C3-2C830236C1B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.93:*:*:*:*:*:*:*", "matchCriteriaId": "7E421601-9519-4C61-ABE1-E9B20E2DCB6F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.94:*:*:*:*:*:*:*", "matchCriteriaId": "304495C5-E758-4B24-9D8D-A0F843F950D7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.94a:*:*:*:*:*:*:*", "matchCriteriaId": "5A755088-E8D9-47F5-953A-C931372C218C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.95:*:*:*:*:*:*:*", "matchCriteriaId": "11E6A50D-36DD-4F67-BB5B-AA8B50E08A2C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.96:*:*:*:*:*:*:*", "matchCriteriaId": "230A3300-1D94-42A1-B764-5AAC46F57EFF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.96a:*:*:*:*:*:*:*", "matchCriteriaId": "C35F98C7-B232-4E78-96D3-1DB6CB56B684" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.96b:*:*:*:*:*:*:*", "matchCriteriaId": "53DE04E1-A41D-4A94-A623-C71CC686AD30" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.96c:*:*:*:*:*:*:*", "matchCriteriaId": "E36AFA55-CA09-48CB-9C63-B044E0958721" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.96d:*:*:*:*:*:*:*", "matchCriteriaId": "19F29921-D221-4E5E-8BB9-02204AFC22DB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.97:*:*:*:*:*:*:*", "matchCriteriaId": "9EA3E7B0-BB36-4344-A417-50B1CCEBD647" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.97a:*:*:*:*:*:*:*", "matchCriteriaId": "6E9E2C57-A449-4552-AE19-063318CACC5F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.97b:*:*:*:*:*:*:*", "matchCriteriaId": "7230DBF0-E056-4A33-B4F3-204619B4EFCD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.98:*:*:*:*:*:*:*", "matchCriteriaId": 
"5CCE2380-5891-4294-87A2-4AACE8434EC2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.98:a:*:*:*:*:*:*", "matchCriteriaId": "0DEB0A8D-3A14-41E6-B873-C2E2C97F81FE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ffftp:ffftp:1.98:b:*:*:*:*:*:*", "matchCriteriaId": "0EC5E7F4-E490-4E37-BFDE-8DA183E75286" } ] } ] } ], "references": [ { "url": "http://jvn.jp/en/jp/JVN94002296/index.html", "source": "vultures@jpcert.or.jp" }, { "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000104", "source": "vultures@jpcert.or.jp" }, { "url": "http://sourceforge.jp/projects/ffftp/wiki/Security", "source": "vultures@jpcert.or.jp" } ] }