Detections
Analytics

CVE-2010-3867

high

Description

Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.

References

http://www.vupen.com/english/advisories/2010/2962

http://www.vupen.com/english/advisories/2010/2959

http://www.vupen.com/english/advisories/2010/2941

http://www.vupen.com/english/advisories/2010/2853

http://www.proftpd.org/docs/NEWS-1.3.3c

http://www.openwall.com/lists/oss-security/2010/11/01/4

http://www.mandriva.com/security/advisories?name=MDVSA-2010:227

http://www.debian.org/security/2011/dsa-2191

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209

http://secunia.com/advisories/42217

http://secunia.com/advisories/42052

http://secunia.com/advisories/42047

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html

http://bugs.proftpd.org/show_bug.cgi?id=3519

Details

Source: Mitre, NVD

Published: 2010-11-09

Updated: 2011-09-15

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High