CVE-2011-4266

Published Dec 13, 2011

Last updated 13 years ago

CVSS info 9.3

Overview

Description: Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:*:c:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA24ED59-5993-4ECE-B229-A1EFE66E38A5",
            "versionEndIncluding": "1.98"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.79a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6079BDCD-8456-4EC4-A26B-D47D2C6BA538"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.80:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E21A59EC-4B60-4D1F-9133-1C1597928E7B"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5818E00B-7695-4141-ADF9-211BA8827523"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.82:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89C6775E-2630-4DC0-B1C3-AFAE3EDEC076"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.83:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F01DC780-E509-4A5A-AD11-8FBA4D1EEA00"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.84:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1F1232E-4E50-4A09-A016-A831E7817FE4"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.85:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6187A8B8-26D3-44F0-9C7F-420EF14258F2"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.86:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE5AB09B-FC1A-4DB2-8154-3A00510CAC02"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.86a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66453CFD-9598-4D52-B354-957620F41E2A"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.87:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DF5207D-1873-493F-884D-C8275CA769FE"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.87a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B237E67E-A7D3-4F70-98DB-70D5276D7290"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.88:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80C23BA7-07B7-4243-B2AC-70B9368F36C2"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.88a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B6DAA2D-A411-41F8-8375-518CC8055823"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.88b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85DF6151-83F8-4DCE-A7FC-D972016BB6A1"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.89:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "220F57C1-1FCF-474A-AF76-3503927E813C"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.89a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7EC8554-8AC6-48A4-80C4-604204A26726"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.89b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14534B40-97E2-4857-A6E1-01070D3E230C"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.90:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B78E33E-0729-4927-B78A-0A89F2964EF8"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.91:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8402D8F5-79C7-4D17-9DE2-E80F94F9F790"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.92:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54ECEDAB-833B-4481-9905-9513725FC302"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.92a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33C73FEA-0FB5-479C-9039-040EAAAAA6FE"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.92b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F858E6C3-7750-4AF3-93E7-3666236F17D7"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.92c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BE4515E-5C99-46C5-A2C3-2C830236C1B8"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.93:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E421601-9519-4C61-ABE1-E9B20E2DCB6F"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.94:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "304495C5-E758-4B24-9D8D-A0F843F950D7"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.94a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A755088-E8D9-47F5-953A-C931372C218C"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.95:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11E6A50D-36DD-4F67-BB5B-AA8B50E08A2C"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.96:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "230A3300-1D94-42A1-B764-5AAC46F57EFF"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.96a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C35F98C7-B232-4E78-96D3-1DB6CB56B684"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.96b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53DE04E1-A41D-4A94-A623-C71CC686AD30"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.96c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E36AFA55-CA09-48CB-9C63-B044E0958721"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.96d:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19F29921-D221-4E5E-8BB9-02204AFC22DB"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.97:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EA3E7B0-BB36-4344-A417-50B1CCEBD647"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.97a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E9E2C57-A449-4552-AE19-063318CACC5F"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.97b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7230DBF0-E056-4A33-B4F3-204619B4EFCD"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.98:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CCE2380-5891-4294-87A2-4AACE8434EC2"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.98:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DEB0A8D-3A14-41E6-B873-C2E2C97F81FE"
          },
          {
            "criteria": "cpe:2.3:a:ffftp:ffftp:1.98:b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EC5E7F4-E490-4E37-BFDE-8DA183E75286"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References