Ravens PHP Scripts

WinSCP Protocol Handler Command Line Switch Injection
Date: Friday, September 14, 2007 @ 14:02:00 CEST
Topic: Security


SECUNIA ADVISORY ID: SA26820

VERIFY ADVISORY: http://secunia.com/advisories/26820/

CRITICAL: Highly critical

IMPACT: Manipulation of data, System access

WHERE: From remote

SOFTWARE: WinSCP 4.x - http://secunia.com/product/14323/

DESCRIPTION: Kender.Security has discovered a vulnerability in WinSCP, which can be exploited by malicious people to manipulate certain files on a user's system and potentially to compromise a vulnerable system.



This is similar to: SA20575

The vulnerability is confirmed in version 4.0.3. Prior versions may also be affected.

SOLUTION: Update to version 4.0.4. - http://winscp.net/eng/download.php

PROVIDED AND/OR DISCOVERED BY: Kender.Security

ORIGINAL ADVISORY: http://winscp.net/eng/docs/history#4.0.4

OTHER REFERENCES: SA20575: http://secunia.com/advisories/20575/






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3068