- Add wget entry CVE-2010-2252

- Add lftp entry CVE-2010-2251
author: Baptiste Daroussin <bapt@FreeBSD.org> 2010-09-03 13:57:14 +0000
committer: Baptiste Daroussin <bapt@FreeBSD.org> 2010-09-03 13:57:14 +0000
commit: 096679336f47c0f1c0e5efb7603fe5690ff6d16a (patch)
tree: 488c31773d43f6a0f9e2b7d1669f0260901e35f4 /security
parent: - Add missing py-gnome2 dependency (diff)
1 files changed, 57 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index dd598926bdc7..f9a12a989697 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,63 @@ Note:  Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="29b7e3f4-b6a9-11df-ae63-f255a795cb21">
+    <topic>lftp -- multiple HTTP client download filename vulnerability</topic>
+    <affects>
+      <package>
+	<name>lftp</name>
+	<range><lt>4.0.6</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The get1 command, as used by lftpget, in LFTP before 4.0.6 does not 
+	properly validate a server-provided filename before determining the 
+	destination filename of a download, which allows remote servers to create 
+	or overwrite arbitrary files via a Content-Disposition header that 
+	suggests a crafted filename, and possibly execute arbitrary code as a 
+	consequence of writing to a dotfile in a home directory.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2010-2251</cvename>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=591580</url>
+    </references>
+    <dates>
+      <discovery>2010-06-09</discovery>
+      <entry>2010-09-03</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d754b7d2-b6a7-11df-826c-e464a695cb21">
+    <topic>wget -- multiple HTTP client download filename vulnerability</topic>
+    <affects>
+      <package>
+	<name>wget</name>
+	<name>wget-devel</name>
+	<range><lt>1.12_1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>GNU Wget 1.12 and earlier uses a server-provided filename instead 
+	of the original URL to determine the destination filename of a download, 
+	which allows remote servers to create or overwrite arbitrary files via 
+	a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect 
+	to a URL with a crafted filename, and possibly execute arbitrary code 
+	as a consequence of writing to a dotfile in a home directory.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2010-2252</cvename>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=602797</url>
+    </references>
+    <dates>
+      <discovery>2010-06-09</discovery>
+      <entry>2010-09-03</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="3a7c5fc4-b50c-11df-977b-ecc31dd8ad06">
     <topic>p5-libwww -- possibility to remote servers to create file with a .(dot) character</topic>
     <affects>
author	Baptiste Daroussin <bapt@FreeBSD.org>	2010-09-03 13:57:14 +0000
committer	Baptiste Daroussin <bapt@FreeBSD.org>	2010-09-03 13:57:14 +0000
commit	096679336f47c0f1c0e5efb7603fe5690ff6d16a (patch)
tree	488c31773d43f6a0f9e2b7d1669f0260901e35f4 /security
parent	- Add missing py-gnome2 dependency (diff)