----------------------------------------------------------------------

TITLE:
LFTP Insecure "Content-Disposition" Suggested Filename Handling Weakness

SECUNIA ADVISORY ID:
SA39861

VERIFY ADVISORY:
http://secunia.com/advisories/39861/

DESCRIPTION:
A weakness has been discovered in LFTP, which can be exploited by
malicious people to bypass certain security features.

The weakness is caused by LFTP using the filename suggested via the
"Content-Disposition" header when downloading files from an HTTP server.
By suggesting a different filename than the one the user expects, this
can be exploited to e.g. overwrite files in the current directory on a
user's system by tricking the user into downloading a file with a
seemingly harmless filename from a malicious HTTP server.

Note: LFTP does not prompt the user for confirmation before overwriting
existing files by default.

The weakness is confirmed in version 4.0.5.

SOLUTION:
Update to version 4.0.6.

PROVIDED AND/OR DISCOVERED BY:
oCERT credits Hank Leininger and Solar Designer.

ORIGINAL ADVISORY:
http://www.ocert.org/advisories/ocert-2010-001.html

----------------------------------------------------------------------
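The handling policy this advisory points at, written out as an added example (this is not LFTP's code and does not describe the 4.0.6 fix): the downloader keeps the name from the URL the user requested unless the user opts in to the server-suggested name, reduces any suggested name to a single safe path component, and refuses to overwrite an existing file unless clobbering was asked for. The header regex, function names and the `trust_suggested`/`clobber` knobs are assumptions made for the demo.

```python
import re
from urllib.parse import unquote, urlsplit

# filename="quoted" or filename=token; RFC 5987 "filename*=" is deliberately
# not parsed here (policy demo, not a full header parser).
_FILENAME_RE = re.compile(r'filename\s*=\s*(?:"([^"]*)"|([^;]+))', re.IGNORECASE)


def parse_suggested_filename(header):
    """Raw filename parameter from a Content-Disposition value, or None."""
    m = _FILENAME_RE.search(header or "")
    if not m:
        return None
    return (m.group(1) if m.group(1) is not None else m.group(2)).strip()


def sanitize_filename(name):
    """Reduce a server-supplied name to one safe path component, or None.

    Directory parts ('/' and '\\') are dropped; empty, '.', '..', hidden
    (leading-dot) and NUL-containing names are rejected outright.
    """
    if name is None:
        return None
    base = name.replace("\\", "/").split("/")[-1]
    if base in ("", ".", "..") or base.startswith(".") or "\x00" in base:
        return None
    return base


def choose_local_filename(url, content_disposition=None, trust_suggested=False):
    """Name to save under (assumed policy, not LFTP's).

    Default is the basename of the URL the user asked for, so the name they
    saw is the name they get.  Only with trust_suggested=True is the
    sanitized Content-Disposition name used, and only if it survives.
    """
    url_name = sanitize_filename(unquote(urlsplit(url).path))
    if trust_suggested:
        suggested = sanitize_filename(parse_suggested_filename(content_disposition))
        if suggested:
            return suggested
    return url_name or "index.html"


def open_for_download(path, clobber=False):
    """Open the target; 'x' mode fails if the file exists, so nothing is
    overwritten unless the user explicitly asked for clobbering."""
    return open(path, "wb" if clobber else "xb")
```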