Wind River Support Network


LIN8-9658 : Security Advisory - lftp - CVE-2018-10916

Created: Aug 15, 2018    Updated: Dec 3, 2018
Resolved Date: Aug 20, 2018
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace


It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.

Other Downloads


Live chat