Summary: | net-ftp/netkit-ftpd Cross-Site Request Forgery Vulnerability (CVE-2008-4247) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | normal | ||||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://securitytracker.com/alerts/2008/Sep/1020945.html | ||||||
Whiteboard: | B3 [noglsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Robert Buchholz (RETIRED)
![]() http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h http://securitytracker.com/alerts/2008/Sep/1020945.html Created attachment 169490 [details, diff]
netkit-ftpd-0.17-CVE-2008-4247.patch
CVS commits backported to netkit
added with netkit-ftpd-0.17-r8 Arches, please test and mark stable: =net-ftp/netkit-ftpd-0.17-r8 Target keywords : "alpha amd64 arm ia64 ppc s390 sh sparc x86" amd64/x86 stable alpha/ia64/sparc stable ppc stable Ready for vote, I vote YES. I vote NO on this issue, exploit scenarios are unlikely. voting NO too, and closing. |