Bug#: 81994
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Jean-François Brunette (RETIRED) <formula7@gentoo.org>

Description:   Opened: 2005-02-14 06:43 0000
A vulnerability has been reported in gFTP, which can be exploited by malicious people to conduct directory traversal attacks.

The vulnerability is caused due to a missing input validation when handling filenames returned by FTP servers. This can be exploited via a directory traversal attack to create or overwrite arbitrary files by returning a specially crafted filename.

Solution:
Update to version 2.0.18.
http://www.gftp.org/

------- Comment #1 From Luke Macken (RETIRED) 2005-02-14 07:03:32 0000 -------
already bumped.

archs, please mark stable.

------- Comment #2 From Jan Brinkmann (RETIRED) 2005-02-14 07:15:42 0000 -------
stable on amd64

------- Comment #3 From Luke Macken (RETIRED) 2005-02-14 07:32:28 0000 -------
uncalling archs, sorry :(

some outstanding issues with gftp need to be resolved before .18 gets marked stable.

------- Comment #4 From foser (RETIRED) 2005-02-14 08:09:48 0000 -------
added 2.0.18-r1 with a buildtime fix. reset all keywords to ~arch for the bump,
marked x86 stable.

------- Comment #5 From Jan Brinkmann (RETIRED) 2005-02-14 08:22:27 0000 -------
stable on amd64, again. :)

------- Comment #6 From Markus Rothe 2005-02-14 08:32:16 0000 -------
stable on ppc64

------- Comment #7 From Gustavo Zacarias (RETIRED) 2005-02-14 09:36:46 0000 -------
sparc stable.

------- Comment #8 From Thierry Carrez (RETIRED) 2005-02-15 02:29:48 0000 -------
This is CAN-2005-0372

------- Comment #9 From Joe Jezak 2005-02-19 00:04:23 0000 -------
Marked ppc stable.

------- Comment #10 From Thierry Carrez (RETIRED) 2005-02-19 02:45:16 0000 -------
GLSA drafted by vorlon and ready to go

------- Comment #11 From Matthias Geerdsen 2005-02-19 08:45:12 0000 -------
GLSA 200502-27

Thanks everyone
