73 lines
2.5 KiB
XML
73 lines
2.5 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
<glsa id="200312-07">
|
|
<title>Two buffer overflows in lftp</title>
|
|
<synopsis>
|
|
Two buffer overflow problems are found in lftp that, in case the user visits
|
|
a malicious ftp server, could lead to malicious code being executed.
|
|
</synopsis>
|
|
<product type="ebuild">lftp</product>
|
|
<announced>2003-12-13</announced>
|
|
<revised count="2">2003-12-07</revised>
|
|
<bug>35866</bug>
|
|
<access>remote</access>
|
|
<affected>
|
|
<package name="net-ftp/lftp" auto="yes" arch="*">
|
|
<vulnerable range="lt">2.6.10</vulnerable>
|
|
<unaffected range="ge">2.6.10</unaffected>
|
|
</package>
|
|
</affected>
|
|
<background>
|
|
<p>
|
|
lftp is a multithreaded command-line based FTP client. It allows you to
|
|
execute multiple commands simultaneously or in the background. If features
|
|
mirroring capabilities, resuming downloads, etc.
|
|
</p>
|
|
</background>
|
|
<description>
|
|
<p>
|
|
Two buffer overflows exist in lftp. Both can occur when the user connects to
|
|
a malicious web server using the HTTP or HTTPS protocol and issues lftp's
|
|
"ls" or "rels" commands.
|
|
</p>
|
|
<p>
|
|
Ulf Harnhammar explains:
|
|
</p>
|
|
<p>
|
|
Technically, the problem lies in the file src/HttpDir.cc and the
|
|
functions try_netscape_proxy() and try_squid_eplf(), which both
|
|
have sscanf() calls that take data of an arbitrary length and
|
|
store it in a char array with 32 elements. (Back in version 2.3.0,
|
|
the problematic code was located in some other function, but the
|
|
problem existed back then too.) Depending on the HTML document in the
|
|
specially prepared directory, buffers will be overflown in either one
|
|
function or the other.
|
|
</p>
|
|
</description>
|
|
<impact type="low">
|
|
<p>
|
|
When a user issues "ls" or "rels" on a malicious server, the tftp
|
|
application can be tricked into running arbitrary code on the user his
|
|
machine.
|
|
</p>
|
|
</impact>
|
|
<workaround>
|
|
<p>
|
|
There is no workaround available.
|
|
</p>
|
|
</workaround>
|
|
<resolution>
|
|
<p>
|
|
All Gentoo users who have net-ftp/lftp installed should update to use
|
|
version 2.6.0 or higher using these commands:
|
|
</p>
|
|
<code>
|
|
# emerge sync
|
|
# emerge -pv '>=net-ftp/lftp-2.6.10'
|
|
# emerge '>=net-ftp/lftp-2.6.10'
|
|
# emerge clean</code>
|
|
</resolution>
|
|
<references>
|
|
<uri link="http://www.securityfocus.com/archive/1/347587/2003-12-13/2003-12-19/0">Initial report by Ulf Harnhammar</uri>
|
|
</references>
|
|
</glsa>
|