SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   gFTP Vendors:   Masney, Brian
(Progeny Issues Fix) Re: gFTP Client May Allow Remote FTP Servers to Cause the FTP Client to Execute Arbitrary Code on the User's Host
SecurityTracker Alert ID:  1001524
SecurityTracker URL:  http://securitytracker.com/id/1001524
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 12 2001
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.0.8
Description:   It is reported that the gFTP client contains a vulnerability that may allow a remote server to cause arbitrary code to be executed on the client user's host.

The software reportedly contains a format string security problem in the logging of ftp and http responses. This apparently allows malicious ftp servers to potentially execute code on the gFTP user's system. No further details are available.

Impact:   A malicious ftp server could potentially execute code on the gFTP user's system when the user connects to the server. The malicious server could also cause the gFTP client to crash.
Solution:   Progeny has released a fix. See the Source Message for the Progeny advisory.
Vendor URL:  gftp.seul.org/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Progeny Debian)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 28 2001 gFTP Client May Allow Remote FTP Servers to Cause the FTP Client to Execute Arbitrary Code on the User's Host



 Source Message Contents

Subject:  PROGENY-SA-2001-13: gFTP client potentially vulnerable to attack


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


 ---------------------------------------------------------------------------
 PROGENY SERVICE NETWORK -- SECURITY ADVISORY             PROGENY-SA-2001-13
 ---------------------------------------------------------------------------

    Synopsis:       gFTP client potentially vulnerable to attack.

    Software:       gftp

    History:
         2001-04-18 Vendor patch/fix available
         2001-04-30 Update available in Progeny archive
         2001-05-08 Advisory sent

    Affects:        Progeny Debian (gftp prior to 2.0.8-1progeny1)

    Progeny Only:   NO

    Vendor-Status:  New Version Released
                    (gftp_2.0.8-1progeny1)


    $Id: gftp,v 1.5 2001/05/01 20:05:44 esmay Exp $

 ---------------------------------------------------------------------------


DESCRIPTION

Versions of gFTP prior to 2.0.8 had a vulnerability related to format
strings which might allow a hostile FTP server to execute code on the
client system with the current user's privileges.


SOLUTION (See also: UPDATING VIA APT-GET)

Upgrade to a fixed version of gFTP. gFTP version 2.0.8 corrects the
problem. For your convenience, you may upgrade to the
gftp_2.0.8-1progeny1 package.


UPDATING VIA APT-GET

 1. Ensure that your /etc/apt/sources.list file has a URI for Progeny's
    update repository:

        deb http://archive.progeny.com/progeny updates/newton/

 2. Update your cache of available packages for apt(8).

    Example:

        # apt-get update

 3. Using apt(8), install the new package. apt(8) will download the
    update, verify its integrity with md5, and then install the
    package on your system with dpkg(8).

    Example:

        # apt-get install gftp


UPDATING VIA DPKG

 1. Use your preferred FTP/HTTP client to retrieve the following
    updated files from Progeny's update archive at:

    http://archive.progeny.com/progeny/updates/newton/

    MD5 Checksum                     Filename
    -------------------------------- -------------------------------------
    5d14ef5556de541eed9dbc2c3842cd55 gftp-common_2.0.8-1progeny1_i386.deb
    c086963abd6e085fe0ad8d69d244d89e gftp-gtk_2.0.8-1progeny1_i386.deb
    3d9fe053682f05286e606c317ee1d71c gftp-text_2.0.8-1progeny1_i386.deb
    fc142109adc12a9492c34316ca799b7e gftp_2.0.8-1progeny1_i386.deb

    Example:

        $ wget \
         http://archive.progeny.com/progeny/updates/newton/gftp-common_2.0.8-1progeny1_i386.deb \
         http://archive.progeny.com/progeny/updates/newton/gftp-gtk_2.0.8-1progeny1_i386.deb \
         http://archive.progeny.com/progeny/updates/newton/gftp-text_2.0.8-1progeny1_i386.deb \
         http://archive.progeny.com/progeny/updates/newton/gftp_2.0.8-1progeny1_i386.deb

 2. Use the md5sum command on the retrieved files to verify that they
    match the md5sum provided in this advisory:

    Example:

        $ md5sum gftp-common_2.0.8-1progeny1_i386.deb

 3. Then install the replacement package(s) using the dpkg command.

    Example:

        # dpkg --install gftp-common_2.0.8-1progeny1_i386.deb gftp-gtk_2.0.8-1progeny1_i386.deb gftp-text_2.0.8-1progeny1_i386.deb
 gftp_2.0.8-1progeny1_i386.deb


WORKAROUND

No known workaround exists for this vulnerability.


MORE INFORMATION

gFTP's changelog can be viewed at http://gftp.seul.org/changelog.html.

Progeny advisories can be found at http://www.progeny.com/security/.


 ---------------------------------------------------------------------------

pub  1024D/F92D4D1F 2001-04-04 Progeny Security Team <security@progeny.com>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDrKpVkRBACS4/hjUliUt9UGTHMUGSZpQlKfBk9OFHmyLHTdjyIBCWRMmOBn
RRhag0FgPicVIDndoQvYw3+ESC/RtbuPCBf6DZ7S0+NHhm1SHEbZyHFLkRXJm+IS
29oFmKrfXnXHckCrJFDZbOznRF6dVe7hV8CYi3FtoTjlRbuiHPQCMuy4ewCghAfv
eYxfB25AoTdBT7WiG8jd4w8D/iFweuqzTwcWtXEgDbDd21W9hNPLEELgguimCCdP
l3GHqw/MUJpIvdYfYhCzTaf4VpvkM5xlJGAcelCUL9qAufwyU8U8JI2YzlbqSlO8
qRwaiwq9qisTKEBb3IQadFqug+ihVdUeP8cuXPvbUEbFt7ILWyUD/kntgFdf1Apo
zZWlA/0SM45hV6yomcM7z08tyh4hZTrWX/RUJqe+U1niNAmzPg4P+r8SfXdIkjb2
fZT5h5cYLIiK+kUEkqyPmZwUlgMCCn4IYVd2pcKXKXWE8ympuf3E5wGYeiVpLBM/
th7qdEF87sViV8McfiRuXEonYrs1nSQZX+f4OxvTQqaP46u10rQsUHJvZ2VueSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBwcm9nZW55LmNvbT6IVwQTEQIAFwUCOsql
WQULBwoDBAMVAwIDFgIBAheAAAoJEEnBfSP5LU0f/sUAnjDpQs5SnFotNJ7GeIWx
Ftf7AvBBAJ0cygWS0XRXxJJq2PKbCbdln+i4d7kEDQQ6yqcjEBAA465SSuC/yvN7
WeZAN9XperqZtxLCVe8hLfrLZ+9/Xn2ysuEEe90rYe1X0HbsB/mInHF3VmT+XvHB
VdDQ7o0VMw7aeDgprt3jDQgT8gIesSOhZvulDujmLhykE+FT/V4lKpqO8prv7Ujs
AfuC7g/X2dcV1+imNOeivLaCM0+HrwUhdvifWFDwE97wBkrda/vhu9zs3NwMeBVN
UYfkRLPm+DGUSQVrteNiYJchhqfJB0mjrd+3FgnpCVgdU4c42epZ2ez/WTgTchoT
duMCd1sM9gzvQIih56KzxlGL82PVS2m0PNxSQ8iZpheMMGWregjpjpMRcrRbSXy+
WmPBacOiE/MyxXand+lGzig/9Srm6msUT5jE/lDcfySznJWH8B/fqD7KM5Z0ZM+b
3xV0PzGyMld+m3BfGolqsd5bpo8HaWCWsZVYfgdXjoDPYptsoPdLesN6WIAHA1kU
n2kckccz4xOoI/8MqKhkzZe0q5a9sv6RLBWDeVLxJnDuXZgcwCc4OvpcR4HnOE7c
U5VsyjYwTkzGWWuQxb8uxng3akHTK2PqeZAnC0tvtuwI7QFhOq/dzz+zHzVH2+Qh
55Aq6DjA9yEs3P7g31wb3duGdWtuIXn+N85GiJdZ1EmJESQCuOYOSHsV4bGxKcpg
PIpoSr5QBAUtUOTwN+xC8nNjZtC5OzsAAwYP/1OD/eiEraGpy7Z9scgXBjjb1kly
tgq06zGlSMWPEQoN3F87YeMiOsXSeDxJG+cnhvlys1Qoytp9/drsDLANi+Q61A/b
aka2IJLudiDu4iUDFb1rgRUERBciA31karPf2IwNjdU8lbulHfxQcjtjj7rbSWOG
gxzlPcLp2F5ee3h0qs+XW4UpD6K9f/u9gGT4nMr3owG06uNomlBAsGCVpk9XlRxG
x96161vrbmTPUx/o6NhqHNuf5Zh8ZmxQ3PYydywiE9njOtS04TTad24qbdPlVQh2
kjkTdsMCFRGaAB8EYImMT3F0ofon1Q/XWZrRlhkZpzuAKLhdSOW5G+tygNy2IqsH
wCYa/rDitYZeNN4EUb5At4HnSBCy86GFQgj+sDFO6yp+h7NLIMeTm0csaSbKEt6o
cbn0iMaRbLdHmAm0UHATPho+M2brf3mTztvAPONta2FC9TP1L1ojTDd4mtO9IcdM
hjOVqNbuyLXkWgPcSmwhhjB61p3/1M1Y/zfXxLOsi/XJlstYzzKzHa68F1e9dTEz
kgeYo1hG5TqMKv1sXfPJHw4N/QVcLoUlpUJZ/kI2OQD5mAhCCZ9PbT2fT4gLhy7U
sn0blh/R/0HFSFDwHgmx8mNfw7w0qFbba9/FEE8D5qhyyCx5KTk0OkvRL9OpzO7E
jzjdcfb6B2XpgSC8iEYEGBECAAYFAjrKpyMACgkQScF9I/ktTR90vgCggiX108DO
S3rhSkmfFuHey8w4RlIAn3nD+uCe+sjCFqVwb+LY2jO3ybjB
=6dRm
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjr3IisACgkQScF9I/ktTR+Y/gCfYw0cnbxrKput00wA3NY4SdSh
JicAn11DklAABz9zuQGdtokyG3TvQ+gT
=Qaus
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC