- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200406-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Minor
     Title: gift-fasttrack: remote denial of service attack
      Date: June 19, 2004
      Bugs: #54452
        ID: 200406-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

There is a vulnerability where carefully crafted signals sent to the
gift-fasttrack plugin will cause the giFT daemon to crash.

Background
==========

gift-fasttrack is a plugin for the giFT file-sharing application. It
allows giFT users to connect to the FastTrack network to share files.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-p2p/gift-fasttrack      <= 0.8.6                     >= 0.8.7

Description
===========

[from http://gift-fasttrack.berlios.de/]

A remote denial of service attack has been discovered in version 0.8.6
and prior. Even though no code execution is possible it is recommended
that you update to 0.8.7 as soon as possible. Thanks to Alan F [2] for
bringing this to our attention.

Impact
======

Attackers may crash the giFT daemon on a vulnerable system. There is
no risk of code execution.

Workaround
==========

There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version.

Resolution
==========

All users should upgrade to the latest available version of
gift-fasttrack.

    # emerge sync

    # emerge -pv ">=net-p2p/gift-fasttrack-0.8.7"
    # emerge ">=net-p2p/gift-fasttrack-0.8.7"

References
==========

  [ 1 ] giFT-FastTrack announcement
        http://gift-fasttrack.berlios.de/
  [ 2 ] Alan Fitton