The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


GLSA: lftp (200312-07)


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 18 Dec 2003 02:01:01 -0500
From: Rajiv Aaron Manglani <[email protected]>
To: [email protected]
Subject: GLSA: lftp (200312-07)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- --------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-07
- --------------------------------------------------------------------------

GLSA:        200312-07
Package:     net-ftp/lftp
Summary:     Two buffer overflow problems found in lftp
Severity:    minimal
Gentoo bug:  35866
Date:        2003-12-16
CVE:         CAN-2003-0963
Exploit:     remote
Affected:    <=2.6.9
Fixed:       >=2.6.10


DESCRIPTION:

Two buffer overflow problems have been found in lftp, a multithreaded
command-line based FTP client. A specially created directory on a web
server could be used to execute arbitrary code on the connecting machine.
The user's machine has to connect to a malicious web server using HTTP or
HTTPS, then issue an "ls" or "rels" command.

Please see
<http://www.securityfocus.com/archive/1/347587/2003-12-13/2003-12-19/0>;
for more details on this problem.


SOLUTION:

All machines which have net-ftp/lftp installed should be updated to use
version 2.6.10 or higher using these commands:

        emerge sync
        emerge -pv '>=net-ftp/lftp-2.6.10'
        emerge '>=net-ftp/lftp-2.6.10'
        emerge clean


// end

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/4U3Wnt0v0zAqOHYRAm7VAJsHDxrJLLQOU51blaP2VMCjkt/+dQCcC6zP
m/ELiJH0C0PukA++i1CfCmc=
=h16K
-----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру