WinSCP Protocol Handler Command Line Switch Injection

Posted on Friday, September 14, 2007 @ 13:02:00 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA26820

VERIFY ADVISORY: http://secunia.com/advisories/26820/

CRITICAL: Highly critical

IMPACT: Manipulation of data, System access

WHERE: >From remote

SOFTWARE: WinSCP 4.x - http://secunia.com/product/14323/

DESCRIPTION: Kender.Security has discovered a vulnerability in WinSCP, which can be exploited by malicious people to manipulate certain files on a user's system and potentially to compromise a vulnerable system.

This is similar to: SA20575

The vulnerability is confirmed in version 4.0.3. Prior versions may also be affected.

SOLUTION: Update to version 4.0.4. - http://winscp.net/eng/download.php

PROVIDED AND/OR DISCOVERED BY: Kender.Security

ORIGINAL ADVISORY: http://winscp.net/eng/docs/history#4.0.4

OTHER REFERENCES: SA20575: http://secunia.com/advisories/20575/
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 367,533,255
  • Today: 66,873
Server InfoServer Info
  • Sep 24, 2018
  • 05:50 pm PDT
 
 

Daily Inspiration