Diffstat (limited to 'metadata/glsa/glsa-200312-07.xml')
-rw-r--r-- metadata/glsa/glsa-200312-07.xml 73
1 files changed, 73 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200312-07.xml b/metadata/glsa/glsa-200312-07.xml
new file mode 100644
index 000000000000..cd9870a03b29
--- /dev/null
+++ b/metadata/glsa/glsa-200312-07.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200312-07">
+ <title>Two buffer overflows in lftp</title>
+ <synopsis>
+ Two buffer overflow problems are found in lftp that, in case the user visits
+ a malicious ftp server, could lead to malicious code being executed.
+ </synopsis>
+ <product type="ebuild">lftp</product>
+ <announced>2003-12-13</announced>
+ <revised count="2">2003-12-07</revised>
+ <bug>35866</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-ftp/lftp" auto="yes" arch="*">
+ <vulnerable range="lt">2.6.10</vulnerable>
+ <unaffected range="ge">2.6.10</unaffected>
+ </package>
+ </affected>
+ <background>
+ <p>
+ lftp is a multithreaded command-line based FTP client. It allows you to
+ execute multiple commands simultaneously or in the background. If features
+ mirroring capabilities, resuming downloads, etc.
+ </p>
+ </background>
+ <description>
+ <p>
+ Two buffer overflows exist in lftp. Both can occur when the user connects to
+ a malicious web server using the HTTP or HTTPS protocol and issues lftp's
+ "ls" or "rels" commands.
+ </p>
+ <p>
+ Ulf Harnhammar explains:
+ </p>
+ <p>
+ Technically, the problem lies in the file src/HttpDir.cc and the
+ functions try_netscape_proxy() and try_squid_eplf(), which both
+ have sscanf() calls that take data of an arbitrary length and
+ store it in a char array with 32 elements. (Back in version 2.3.0,
+ the problematic code was located in some other function, but the
+ problem existed back then too.) Depending on the HTML document in the
+ specially prepared directory, buffers will be overflown in either one
+ function or the other.
+ </p>
+ </description>
+ <impact type="low">
+ <p>
+ When a user issues "ls" or "rels" on a malicious server, the tftp
+ application can be tricked into running arbitrary code on the user his
+ machine.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no workaround available.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All Gentoo users who have net-ftp/lftp installed should update to use
+ version 2.6.0 or higher using these commands:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=net-ftp/lftp-2.6.10'
+ # emerge '&gt;=net-ftp/lftp-2.6.10'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://www.securityfocus.com/archive/1/347587/2003-12-13/2003-12-19/0">Initial report by Ulf Harnhammar</uri>
+ </references>
+</glsa>
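Review bot: The resolution paragraph tells users to update to "version 2.6.0 or higher", which contradicts the `<affected>` block (`<vulnerable range="lt">2.6.10</vulnerable>`) and the emerge commands, which pin `>=net-ftp/lftp-2.6.10`. A reader who follows the prose rather than the commands could stay on a vulnerable version, so the text should read 2.6.10. Several other fields in this file disagree with each other and are worth fixing in the same pass. The impact paragraph names "the tftp application" where the product is lftp. The synopsis speaks of "a malicious ftp server" while the description says the overflows are reached over HTTP or HTTPS against a web server. `<impact type="low">` sits oddly beside a description of arbitrary code running on the user's machine, so the rating should be checked. `<revised count="2">2003-12-07</revised>` is dated earlier than `<announced>2003-12-13</announced>`. In the background paragraph, "If features" should be "It features".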