| VID | 21731 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | FtpLocate is vulnerable to command execution through the fsite parameter. FtpLocate is a Web search engine for FTP sites written in Perl. FtpLocate versions 1.5 through 2.02 could allow a remote attacker to execute arbitrary system commands, caused by improper validation of user-supplied input passed to the fsite parameter of the flsearch.pl, flmodule.pl, and flserv.pl scripts. A remote attacker could inject shell meta-characters ('\|' or ';') to execute arbitrary shell commands on the system with the privileges of the Web server process. |
| References | http://secunia.com/advisories/16218/ http://www.securityfocus.com/archive/1/406373/30/0/threaded http://securitytracker.com/id?1014570 |
| Platforms Affected | Chung-Kie Tung, FtpLocate versions 1.5 through 2.02; Any operating system, Any version |
| Recommendation | No upgrade or patch available as of June 2014. |
| Related URL | CVE-2005-2420 (CVE) |
| Related URL | 14367 (SecurityFocus) |
| Related URL | 21540 (ISS) |