SecurityTracker.com

SecurityTracker Archives

Category: Application (File Transfer/Sharing) > gFTP
Vendors: Masney, Brian
(Immunix Releases Fix) Re: gFTP Client May Allow Remote FTP Servers to Cause the FTP Client to Execute Arbitrary Code on the User's Host
SecurityTracker Alert ID: 1001444
SecurityTracker URL: http://securitytracker.com/id/1001444
CVE Reference: GENERIC-MAP-NOMATCH
Date: Apr 28 2001
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 2.0.8
Description:   It is reported that the gFTP client contains a vulnerability that may allow a remote server to cause arbitrary code to be executed on the client user's host.

The software reportedly contains a format string security problem in the logging of ftp and http responses. This apparently allows malicious ftp servers to potentially execute code on the gFTP user's system. No further details are available.

Impact:   A malicious ftp server could potentially execute code on the gFTP user's system when the user connects to the server. The malicious server could also cause the gFTP client to crash.
Solution: Immunix has released a fix. See the Source Message for the advisory.
Vendor URL: gftp.seul.org/
Cause: Input validation error
Underlying OS: Linux (Immunix)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 28 2001 gFTP Client May Allow Remote FTP Servers to Cause the FTP Client to Execute Arbitrary Code on the User's Host



 Source Message Contents

Subject:  Immunix OS Security update for gftp


-----------------------------------------------------------------------
	Immunix OS Security Advisory

Packages updated:	gftp
Affected products:	Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed:		immunix/1578
Date:			April 27, 2001
Advisory ID:		IMNX-2001-70-017-01
Author:			Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------

Description:
  Richard Johnson has found a format string problem in the version of
  gftp that ships with Immunix 6.2 and 7.0 (for more information, please
  see http://www.securityfocus.com/archive/82/177241 )

  Normally, printf-style format bugs like this one would be stopped by
  FormatGuard, but FormatGuard is only effective at protecting
  applications that use the printf-like family of functions found in
  glibc.  gftp uses string formatting functions found in GLib (the GTK+
  library, *not* glibc) which bypass FormatGuard protection.

  The following packages fix this problem.


Package names and locations:

  Precompiled binary package for Immunix 6.2 is available at:
    http://immunix.org/ImmunixOS/6.2/updates/RPMS/gftp-2.0.8-1_StackGuard.i386.rpm

  Source package for Immunix 6.2 is available at:
    http://immunix.org/ImmunixOS/6.2/updates/SRPMS/gftp-2.0.8-1_StackGuard.src.rpm

  Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
    http://immunix.org/ImmunixOS/7.0/updates/RPMS/gftp-2.0.8-1_imnx.i386.rpm

  Source package for Immunix 7.0-beta and 7.0 is available at:
    http://immunix.org/ImmunixOS/7.0/updates/SRPMS/gftp-2.0.8-1_imnx.src.rpm


md5sums of the packages:
  21ed7aec4ce92054a9d7b74144b677eb  gftp-2.0.8-1_StackGuard.i386.rpm
  ec85dc5cf7f5a27387390039e152e78a  gftp-2.0.8-1_StackGuard.src.rpm

  b9f4ee8b9b4bce6f8091040860dfd9da  gftp-2.0.8-1_imnx.i386.rpm
  282406a684ae7f546388a03c8491d3d8  gftp-2.0.8-1_imnx.src.rpm


Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html



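The defensive pattern behind the fix described in the description above and in the advisory's FormatGuard paragraph, as an added example (not code from gFTP, GLib, Immunix or the advisory): log_fmt() is a hypothetical stand-in for a GLib-style printf-like logger such as g_log(), the server response strings are constructed, and contains_format_directive() is an audit helper of my own. The point is that untrusted server text must travel as a `%s` argument, never as the format string itself.

```c
/* Added example: the fix pattern for a format-string bug in printf-style
 * logging of server responses. log_fmt() is a hypothetical logger with the
 * same shape as GLib's g_log(); it formats into a buffer instead of printing
 * so the result can be checked. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_MAX 256
static char last_log[LOG_MAX];

/* Hypothetical printf-style logger: the FIRST argument is parsed for
 * conversions, exactly like g_log() / g_snprintf() / printf(). */
static void log_fmt(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* The bug class from the advisory, shown only as a comment (never call it):
 *     log_fmt(response);            // untrusted text used AS the format
 *
 * The fix: the response is passed as DATA through "%s", so any '%' the
 * server sends is copied literally instead of being interpreted. */
const char *log_response_safe(const char *response)
{
    log_fmt("server said: %s", response);
    return last_log;
}

/* Review helper: returns 1 if the string contains a '%' that a printf-style
 * function would treat as a conversion if the string were ever used as the
 * format argument ("%%" is a literal and does not count). Handy when
 * auditing logging paths that receive text from the network. */
int contains_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s == '%') {
            if (s[1] == '%') { s++; continue; }
            return 1;
        }
    }
    return 0;
}
```

The same `"%s"` rule applies to every printf-like sink, including the GLib ones the advisory notes FormatGuard does not cover, since that protection only instruments the glibc family.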
Copyright 2020, SecurityGlobal.net LLC