Alerts This Week
Warning Icon 1 775
Alerts This Week
Warning Icon 1 775

Gentoo 200312-07 Minimal: Lftp Buffer Overflow Remote Code Execution

gentoo
Calendar Grey December 18, 2003
Dist Gentoo Esm H88
Various security issues in lftp could enable attackers to run arbitrary code from a distance. It is recommended to update to the latest version to mitigate potential threats.
Two buffer overflow problems have been found in lftp, a multithreadedcommand-line based FTP client.

Summary


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-07
- --------------------------------------------------------------------------

GLSA:        200312-07
Package:     net-ftp/lftp
Summary:     Two buffer overflow problems found in lftp
Severity:    minimal
Gentoo bug:  35866
Date:        2003-12-16
CVE:         CAN-2003-0963
Exploit:     remote
Affected:    <=2.6.9
Fixed:       >=2.6.10


DESCRIPTION:

Two buffer overflow problems have been found in lftp, a multithreaded
command-line based FTP client. A specially created directory on a web
server could be used to execute arbitrary code on the connecting machine.
The user's machine has to connect to a malicious web server using HTTP or
HTTPS, then issue an "ls" or "rels" command.

Please see
 <
for more details on this problem.


SOLUTION:

All machines which have net-ftp/lftp installed should be updated to use
versio...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory gentoo buffer overflow remote code execution lftp minimal ftp client

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo buffer overflow remote code execution lftp minimal ftp client

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here