Some vulnerabilities have been reported in gFTP, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to the use of vulnerable fsplib code, which may allow the execution of arbitrary code.
CC'ing maintainer and setting whiteboard status.
There is no patched version out; I looked on other distributions' bug databases and found... nothing.
These are the security fixes between fsplib 0.8 and 0.9:
http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18
http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.19&r2=1.20
http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.20&r2=1.21
http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22
http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.h?r1=1.12&r2=1.13
and a fix for that was in fsplib-0.8 which isn't in the gftp-2.0.18 (it is in CVS).
http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.15&r2=1.16
Here's the changelog for 0.9 and 0.8 of fsplib:
0.9
  Solaris compile fix by Brian Masney
  fix possible security hole if MAXNAMLEN>256 reported by Kalle Olavi Niemitalo
  add terminating \0 if directory entry is MAXNAMELEN long
  check if server sends ASCIIZ terminated filenames reported by Kalle Olavi Niemitalo
  fixed possible buffer overflow on systems not defining dirent.d_name long enough. Reported by Kalle Olavi Niemitalo
0.8
  Security bugfix release
  off by one error, found by David Binderman
https://bugzilla.novell.com/show_bug.cgi?id=150399
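An illustration of the checks the fsplib 0.9 and 0.8 changelog entries above describe (bounded copy into a fixed-size name buffer, a required NUL terminator, no off-by-one), added here as an example. It is not fsplib or gFTP code; `dir_entry`, `ENTRY_NAME_MAX` and `copy_entry_name` are hypothetical names and the sample reply is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_NAME_MAX 256          /* assumed size of the fixed name buffer */

struct dir_entry {                  /* hypothetical stand-in for struct dirent */
    char name[ENTRY_NAME_MAX];
};

/*
 * Copy the file name starting at buf[off] in a server reply of len bytes.
 * Returns bytes consumed (name plus its NUL), or -1 if the reply is rejected.
 */
int copy_entry_name(const unsigned char *buf, size_t len, size_t off,
                    struct dir_entry *out)
{
    const unsigned char *start, *nul;
    size_t n, keep;

    if (buf == NULL || out == NULL || off >= len)
        return -1;                  /* nothing left to read in this packet */
    start = buf + off;
    /* Search only inside the received bytes: never trust the server to terminate. */
    nul = memchr(start, '\0', len - off);
    if (nul == NULL)
        return -1;                  /* name is not ASCIIZ terminated: reject */
    n = (size_t)(nul - start);
    /* Keep one byte for the terminator; ">" instead of ">=" would write one
     * byte past the buffer when n equals its size (the off-by-one case). */
    keep = n >= sizeof out->name ? sizeof out->name - 1 : n;
    memcpy(out->name, start, keep);
    out->name[keep] = '\0';         /* always terminated, even when truncated */
    return (int)(n + 1);
}

int main(void)
{
    /* Constructed sample reply: two names, the second one unterminated. */
    const unsigned char reply[] = { 'a', '.', 't', 'x', 't', '\0', 'b', 'a', 'd' };
    struct dir_entry e;
    int used = copy_entry_name(reply, sizeof reply, 0, &e);

    printf("first: %d bytes, name=%s\n", used, e.name);
    printf("second: %d\n", copy_entry_name(reply, sizeof reply, (size_t)used, &e));
    return 0;
}
```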
I've bumped to gftp-2.0.18-r6 with all of those fixes in.
Thanks. Arches, please stabilize net-ftp/gftp-2.0.18-r6, targets are: "alpha amd64 ppc ppc64 sparc x86".
x86 stable
alpha stable
ppc64 stable
Marked stable on amd64.
sparc stable
ppc stable, ready for glsa
glsa request filed.
GLSA 200711-01, sorry for the delay.