ALFTP Insecure Executable File Loading Arbitrary Code Execution Vulnerability
BID:51984
Info
| Bugtraq ID: | 51984 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-0315 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 13 2012 12:00AM |
| Updated: | Feb 13 2012 12:00AM |
| Credit: | Fumihiko Sano |
| Vulnerable: | ALTools ALFTP 5.30.0.1; ALTools ALFTP 5.0 (Korean); ALTools ALFTP 4.1 BETA1; ALTools ALFTP 4.1 beta 2 (English) |
| Not Vulnerable: | ALTools ALFTP 5.31 |
Discussion
ALFTP is prone to a vulnerability that lets attackers execute arbitrary code.
A successful exploit can allow the attacker to execute an arbitrary program in the context of the user running the affected application.
ALFTP 5.30.0.1 and prior are vulnerable.
Exploit / POC
Attackers must entice an unsuspecting user into opening a file on a remote WebDAV or SMB share to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- ALFTP 5.31 Release Notes (AlTools)
- ALFTP Homepage (ESTsoft)
- JVN#85695061 ALFTP may insecurely load executable files (JP-CERT)