Directory Traversal Vulnerability in Frigate 3 FTP Client
Advisory ID: | HTB22526 |
Product: | Frigate 3 |
Vendor: | WinFrigate |
Vulnerable Versions: | 3.36 and probably prior |
Tested Version: | 3.36 |
Advisory Publication: | July 22, 2010 [without technical details] |
Vendor Notification: | July 22, 2010 |
Public Disclosure: | August 5, 2010 |
Vulnerability Type: | Path Traversal [CWE-22] |
CVE Reference: | CVE-2010-3097 |
Risk Level: | High |
CVSSv2 Base Score: | 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) |
Discovered and Provided: | High-Tech Bridge Security Research Lab |
Advisory Details: | |
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Frigate 3 built-in FTP client which could be exploited to execute arbitrary code on vulnerable system. | |
Solution: | |
Currently we are not aware of any vendor-supplied patches or other solutions. The vendor was contacted in accordance to our Vendor Notification Policy but we didn't get any answer or feedback. | |
References: | |
[1] High-Tech Bridge Advisory HTB22526 - https://www.immuniweb.com/advisory/HTB22526 - Directory Traversal Vulnerability in Frigate 3 FTP Client [2] Frigate3 - frigate3.com- Frigate3 is a handy file manager with wealth of options that make managing and browsing through files easy. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. | |
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.