A vulnerability in the Mirror Perl script allows remote FTP server operators to create or overwrite arbitrary files on the local system with the permissions of the user running Mirror. Mirror is a Perl script designed to duplicate a directory hierarchy between two machines via FTP. Because Mirror does not properly validate its input, malicious remote sites can send it filenames formatted in a way that forces Mirror to create or overwrite arbitrary files on the system with the permissions of the user running the script. For example, a malicious FTP server can send filenames with embedded ".." and '\' strings that will not be filtered by the script.
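The missing check, sketched as an added example in Python (this is not Mirror's code or the project's fix): every filename taken from a remote listing is validated and resolved against the local mirror root before anything is written. The names `safe_local_path`, `partition_listing` and `UnsafeRemoteName` are hypothetical, the listing is constructed, and treating '\' as a path separator is an assumption based on the strings named above.

```python
import os
import re

class UnsafeRemoteName(ValueError):
    """Raised when a server-supplied filename would escape the mirror root."""

def safe_local_path(local_root, remote_name):
    """Map a filename from a remote FTP listing to a path under local_root."""
    if not remote_name or "\x00" in remote_name:
        raise UnsafeRemoteName("empty name or embedded NUL")
    # Assumption: treat both '/' and '\' as separators, so "..\x" is
    # checked exactly like "../x".
    parts = re.split(r"[/\\]", remote_name)
    if parts[0] == "" or re.match(r"[A-Za-z]:", parts[0]):
        raise UnsafeRemoteName("absolute path: %r" % remote_name)
    clean = [p for p in parts if p not in ("", ".")]
    if not clean or ".." in clean:
        raise UnsafeRemoteName("traversal component: %r" % remote_name)
    root = os.path.realpath(local_root)
    dest = os.path.realpath(os.path.join(root, *clean))
    # Containment check also catches symlinks already present under the root.
    if os.path.commonpath([root, dest]) != root:
        raise UnsafeRemoteName("resolves outside root: %r" % remote_name)
    return dest

def partition_listing(local_root, names):
    """Split a listing into (accepted {name: path}, rejected [(name, reason)])."""
    accepted, rejected = {}, []
    for name in names:
        try:
            accepted[name] = safe_local_path(local_root, name)
        except UnsafeRemoteName as exc:
            rejected.append((name, str(exc)))
    return accepted, rejected

# Constructed sample listing: two ordinary entries and four that must be refused.
SAMPLE_LISTING = [
    "pub/README",
    "pub/./tools/mirror.tar.gz",
    "../../escape.txt",
    "pub/..\\..\\escape.txt",
    "/abs/escape.txt",
    "..",
]

if __name__ == "__main__":
    ok, bad = partition_listing("/tmp/mirror-root", SAMPLE_LISTING)
    for name, path in ok.items():
        print("accept", name, "->", path)
    for name, why in bad:
        print("reject", name, "-", why)
```

Rejected names are worth logging with the server they came from, since a listing that contains them indicates a hostile or compromised mirror source.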