SecurityTracker.com
SecurityTracker Archives

Category:   Application (File Transfer/Sharing)  >   LFTP
Vendors:   Lukyanov, Alexander
LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
SecurityTracker Alert ID:  1008463
SecurityTracker URL:  http://securitytracker.com/id/1008463
CVE Reference:   CVE-2003-0963
Updated:  Dec 16 2003
Original Entry Date:  Dec 14 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 2.6.10
Description:   A buffer overflow vulnerability was reported in LFTP. A malicious remote server may be able to cause arbitrary code to be executed on a connected client.

It is reported that LFTP contains buffer overflows that can be triggered by a malicious remote server. The flaws reside in the try_netscape_proxy() and try_squid_eplf() functions in 'HttpDir.cc', which parse directory listings returned by HTTP servers and proxies. A remote user operating a web server can reportedly serve a specially crafted directory listing so that when a target user connects to the web server (over HTTP or HTTPS) with the LFTP client and issues the "ls" or "rels" command, arbitrary code will be executed on the target user's system.

Ulf Harnhammar is credited with discovering the bugs.

Impact:   A remote server can cause arbitrary code to be executed on the target user's LFTP client when the client connects to the server and issues an "ls" or "rels" command.
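The pattern behind this class of bug, as an added illustration that is not LFTP's code and makes no claim about what try_netscape_proxy() or try_squid_eplf() actually look like: a listing-line parser copies a server-supplied file name into a fixed-size field without checking its length, beside the hardened form that measures first and refuses names that do not fit. The line syntax is EPLF ("+" facts "\t" name, with '/', 's', 'm', 'r' and 'i' facts); the 256-byte field, the function names and the sample lines are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size for the illustration; not taken from LFTP's source. */
#define NAME_BUF 256

struct entry {
    char name[NAME_BUF];
    long size;    /* 's' fact, -1 if absent */
    long mtime;   /* 'm' fact (seconds since epoch), -1 if absent */
    int  is_dir;  /* '/' fact present */
};

/* Decode the comma-separated EPLF facts between the leading '+' and the tab.
 * Unknown facts (such as 'i' identifiers or 'r') are ignored. */
static void parse_facts(const char *p, const char *end, struct entry *e)
{
    e->size = -1;
    e->mtime = -1;
    e->is_dir = 0;
    while (p < end) {
        const char *comma = memchr(p, ',', (size_t)(end - p));
        const char *fe = comma ? comma : end;
        if (p < fe) {
            switch (*p) {
            case '/': e->is_dir = 1; break;
            case 's': e->size = strtol(p + 1, NULL, 10); break;
            case 'm': e->mtime = strtol(p + 1, NULL, 10); break;
            default: break;
            }
        }
        p = fe + 1;
    }
}

/* Vulnerable pattern: the server-supplied name is copied into the
 * fixed-size field with no length check. A name longer than NAME_BUF-1
 * bytes overwrites the memory after e->name (the rest of the struct and
 * whatever follows it). Returns 1 if the line was EPLF, else 0. */
int parse_eplf_unsafe(const char *line, struct entry *e)
{
    const char *tab;
    if (line[0] != '+' || (tab = strchr(line, '\t')) == NULL)
        return 0;
    parse_facts(line + 1, tab, e);
    strcpy(e->name, tab + 1);                 /* BUG: unbounded copy of server data */
    e->name[strcspn(e->name, "\r\n")] = '\0';
    return 1;
}

/* Hardened form: measure the name first, refuse anything that does not fit
 * (returns -1), and copy with an explicit bound. */
int parse_eplf_safe(const char *line, struct entry *e)
{
    const char *tab;
    size_t len;
    if (line[0] != '+' || (tab = strchr(line, '\t')) == NULL)
        return 0;
    len = strcspn(tab + 1, "\r\n");
    if (len >= sizeof e->name)
        return -1;                            /* over-long name: reject the line */
    parse_facts(line + 1, tab, e);
    memcpy(e->name, tab + 1, len);
    e->name[len] = '\0';
    return 1;
}

/* Constructed hostile listing line: valid EPLF facts followed by a name of
 * name_len 'A' bytes. Caller frees the result. */
char *make_evil_line(size_t name_len)
{
    const char *prefix = "+r,s1,\t";
    size_t plen = strlen(prefix);
    char *line = malloc(plen + name_len + 1);
    if (line == NULL)
        return NULL;
    memcpy(line, prefix, plen);
    memset(line + plen, 'A', name_len);
    line[plen + name_len] = '\0';
    return line;
}

int main(void)
{
    struct entry e;
    /* Constructed sample line in EPLF syntax. */
    const char *good = "+i8388621.29609,m824255902,r,s10376,\tREADME\r\n";
    char *evil = make_evil_line(600);

    if (parse_eplf_safe(good, &e) == 1)
        printf("%s size=%ld mtime=%ld dir=%d\n", e.name, e.size, e.mtime, e.is_dir);
    printf("over-long name: safe parser returned %d\n", parse_eplf_safe(evil, &e));
    /* parse_eplf_unsafe(evil, &e) would write 600 bytes into a 256-byte field; not called. */
    free(evil);
    return 0;
}
```

The hardened parser rejects the line rather than silently truncating the name: a truncated name can still be handed to later code as if it were the server's real answer, whereas a rejected line fails closed and is easy to log.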
Solution:   The vendor has released a fixed version (2.6.10), available at:

http://lftp.yar.ru/get.html

Vendor URL:  lftp.yar.ru/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 14 2003 (Immunix Issues Fix) LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
Immunix has released a fix.
Dec 14 2003 (Slackware Issues Fix) LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
Slackware has issued a fix.
Dec 15 2003 (SuSE Issues Fix) LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
SuSE has released a fix.
Dec 16 2003 (Mandrake Issues Fix) LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
Mandrake has released a fix.
Dec 16 2003 (Red Hat Issues Fix for RH Enterprise Linux) LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
Red Hat has released a fix for Red Hat Enterprise Linux.
Dec 16 2003 (Red Hat Issues Fix) LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
Red Hat has released a fix for Red Hat Linux.
Dec 18 2003 (Gentoo Issues Fix) LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
Gentoo has released a fix.
Jan 5 2004 (Debian Issues Fix) LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
Debian has released a fix.
Jan 6 2004 (Conectiva Issues Fix) LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
Conectiva has released a fix.
Jan 23 2004 (Turbolinux Issues Fix) LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
Turbolinux has issued a fix.

Source Message Contents

Subject:  LFTP


It is reported that LFTP contains buffer overflows that can be triggered by a remote user.

Ulf Harnhammar is credited with discovering the bugs.

The vendor has issued a fixed version (2.6.10).

CVE:  CAN-2003-0963

Copyright 2021, SecurityGlobal.net LLC