CVE-2005-3057

Sažetak

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html
http://marc.info/?l=bugtraq&m=113986337408103&w=2
http://secunia.com/advisories/18844
http://www.securityfocus.com/bid/16597
http://www.vupen.com/english/advisories/2006/0539
https://exchange.xforce.ibmcloud.com/vulnerabilities/24624

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-07-2017 - 01:33

Objavljeno

31-12-2005 - 05:00