NVD Vulnerability Detail

CVE-2011-5012

Summary	Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.
Publication Date	Dec. 25, 2011, 10:55 a.m.
Registration Date	Jan. 28, 2021, 4:40 p.m.
Last Update	Nov. 21, 2024, 10:33 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:attachmate:reflection_2011r1::::::::
cpe:2.3:a:attachmate:reflection_2008r2::::::::
cpe:2.3:a:attachmate:reflection_2008::::::::
cpe:2.3:a:attachmate:reflection:14.1:sp1::::::
cpe:2.3:a:attachmate:reflection:7.2:sp1:windows_client:::::*
cpe:2.3:a:attachmate:reflection_2008r1:sp1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://secunia.com/advisories/46879	Vendor Advisory
2	http://support.attachmate.com/techdocs/1708.html
3	http://support.attachmate.com/techdocs/2288.html
4	http://support.attachmate.com/techdocs/2502.html
5	http://www.exploit-db.com/exploits/18119	Exploit
6	http://www.osvdb.org/77189
7	http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29
8	http://www.securitytracker.com/id?1026340
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/71330
10	http://secunia.com/advisories/46879	Vendor Advisory
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/71330
12	http://www.securitytracker.com/id?1026340
13	http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29
14	http://www.osvdb.org/77189
15	http://www.exploit-db.com/exploits/18119	Exploit
16	http://support.attachmate.com/techdocs/2502.html
17	http://support.attachmate.com/techdocs/2288.html
18	http://support.attachmate.com/techdocs/1708.html

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

Reflection FTP クライアントにおけるヒープベースのバッファオーバーフローの脆弱性

Title	Reflection FTP クライアントにおけるヒープベースのバッファオーバーフローの脆弱性
Summary	複数の Attachmate Reflection で使用される Reflection FTP クライアント (rftpcom.dll) には、ヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	FTP サーバにより、LIST コマンドへの応答における過度に長いディレクトリ名を介して、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 25, 2011, midnight
Registration Date	Dec. 28, 2011, 11:44 a.m.
Last Update	Dec. 28, 2011, 11:44 a.m.

Affected System

Attachmate

Reflection 14.1.1.206 未満の 14.1 SP1

Reflection 15.3.2.569 未満の 2011 R1

Reflection 15.3.2.569 未満の 2011 R1 SP1

Reflection 15.4.1.327 未満の 2011 R2

Reflection 2008

Reflection Windows Client hotfix 7.2.1186 未満の 7.2 SP1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-5012	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5012
National Vulnerability Database (NVD)
2	CVE-2011-5012	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5012

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Technical Notes
1	1708	http://support.attachmate.com/techdocs/1708.html
2	2288	http://support.attachmate.com/techdocs/2288.html
3	2502	http://support.attachmate.com/techdocs/2502.html

Change Log

No	Changed Details	Date of change
0	[2011年12月28日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:attachmate:reflection_2011r1::::::::
cpe:2.3:a:attachmate:reflection_2008r2::::::::
cpe:2.3:a:attachmate:reflection_2008::::::::
cpe:2.3:a:attachmate:reflection:14.1:sp1::::::
cpe:2.3:a:attachmate:reflection:7.2:sp1:windows_client:::::*
cpe:2.3:a:attachmate:reflection_2008r1:sp1:::::::*