Bug#: 188252
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matt Fleming (RETIRED) <mjf@gentoo.org>

Description:   Opened: 2007-08-09 18:08 0000
Some vulnerabilities have been reported in gFTP, which potentially can be
exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to the use of vulnerable fsplib code, which
may allow the execution of arbitrary code.

------- Comment #1 From Matt Fleming (RETIRED) 2007-08-09 18:10:38 0000 -------
CC'ing maintainer and setting whiteboard status.

------- Comment #2 From Christian Faulhammer 2007-09-08 22:06:35 0000 -------
There is no patched version out, I looked on other distributions' bug databases
and found...nothing.

------- Comment #3 From Matt Fleming (RETIRED) 2007-09-09 13:04:12 0000 -------
These are the security fixes between fsplib 0.8 and 0.9

http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18
http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.19&r2=1.20
http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.20&r2=1.21
http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22
http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.h?r1=1.12&r2=1.13

and a fix for that was in fsplib-0.8 which isn't in the gftp-2.0.18 (it is in
CVS).

http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.15&r2=1.16

Here's the changelog for 0.9 and 0.8 of fsplib,

0.9
        Solaris compile fix by Brian Masney
        fix possible security hole if MAXNAMLEN>256 reported by
          Kalle Olavi Niemitalo
        add terminating \0 if directory entry is MAXNAMELEN long
        check if server sends ASCIIZ terminated filenames
          reported by Kalle Olavi Niemitalo
        fixed possible buffer overflow on systems not defining dirent.d_name
          long enough. Reported by Kalle Olavi Niemitalo
0.8
        Security bugfix release
        off by one error, found by David Binderman
        https://bugzilla.novell.com/show_bug.cgi?id=150399
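
The 0.9 changelog entries above (missing terminating \0, names from the server that are not ASCIIZ terminated, d_name too short for the name) and the 0.8 off-by-one all concern copying a server-supplied file name into a fixed-size buffer. The C example below is added here to show the checks involved; it is not part of the original comment and is not fsplib or gFTP code, and `copy_entry_name`, `NAME_BUF` and the packet layout are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical size: stands in for a d_name field shorter than the
 * longest name a server may send. */
#define NAME_BUF 16

enum name_status { NAME_OK = 0, NAME_UNTERMINATED = -1, NAME_TOO_LONG = -2 };

/* Copy a NUL-terminated file name out of an untrusted packet.
 * pkt/pkt_len: bytes received; off: where the name starts;
 * dst/dst_size: fixed destination buffer such as a d_name field. */
enum name_status copy_entry_name(const unsigned char *pkt, size_t pkt_len,
                                 size_t off, char *dst, size_t dst_size)
{
    const unsigned char *end;
    size_t len;

    if (dst_size == 0)
        return NAME_TOO_LONG;
    dst[0] = '\0';                 /* dst is a valid string on every path */
    if (off >= pkt_len)
        return NAME_UNTERMINATED;

    /* Look for the terminator only within the bytes actually received. */
    end = memchr(pkt + off, '\0', pkt_len - off);
    if (end == NULL)
        return NAME_UNTERMINATED;

    len = (size_t)(end - (pkt + off));
    if (len >= dst_size)           /* len + 1 bytes needed; ">" would be off by one */
        return NAME_TOO_LONG;

    memcpy(dst, pkt + off, len);
    dst[len] = '\0';
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample packets, not captured traffic. */
    const unsigned char good[] = { 'a', '.', 't', 'x', 't', 0 };
    const unsigned char bad[]  = { 'a', 'b', 'c' };   /* no terminator */
    char name[NAME_BUF];

    printf("%d\n", (int)copy_entry_name(good, sizeof good, 0, name, sizeof name));
    printf("%d\n", (int)copy_entry_name(bad, sizeof bad, 0, name, sizeof name));
    return 0;
}
```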

------- Comment #4 From Daniel Gryniewicz 2007-09-21 20:09:31 0000 -------
I've bumped to gftp-2.0.18-r6 with all of those fixes in.

------- Comment #5 From Tobias Heinlein 2007-09-21 20:51:27 0000 -------
Thanks.
Arches, please stabilize net-ftp/gftp-2.0.18-r6, targets are: "alpha amd64 ppc
ppc64 sparc x86".

------- Comment #6 From Christian Faulhammer 2007-09-21 23:21:02 0000 -------
x86 stable

------- Comment #7 From Raúl Porcel 2007-09-22 11:02:31 0000 -------
alpha stable

------- Comment #8 From Markus Rothe 2007-09-22 15:24:14 0000 -------
ppc64 stable

------- Comment #9 From Wulf Krueger (RETIRED) 2007-09-22 17:32:32 0000 -------
Marked stable on amd64.

------- Comment #10 From Raúl Porcel 2007-09-25 14:55:32 0000 -------
sparc stable

------- Comment #11 From Tobias Scherbaum 2007-09-25 17:01:50 0000 -------
ppc stable, ready for glsa

------- Comment #12 From Pierre-Yves Rofes 2007-09-26 07:30:46 0000 -------
glsa request filed.

------- Comment #13 From Pierre-Yves Rofes 2007-11-01 23:13:54 0000 -------
GLSA 200711-01, sorry for the delay.
