SecurityTracker Archives
Category:   Application (File Transfer/Sharing)  >   LFTP
Vendors:   Lukyanov, Alexander
(Turbolinux Issues Fix) LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution
SecurityTracker Alert ID:  1008829
SecurityTracker URL:  http://securitytracker.com/id/1008829
CVE Reference:   CVE-2003-0963
Date:  Jan 23 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 2.6.10
Description:   A buffer overflow vulnerability was reported in LFTP. A remote server may be able to cause arbitrary code to be executed on a connected client.

It is reported that LFTP contains buffer overflows that can be triggered by a remote user. The flaws reside in the try_netscape_proxy() and try_squid_eplf() functions in 'HttpDir.cc'. A remote user operating a web server can reportedly create a specially crafted directory so that when a target user connects to the web server (secure or non-secure) with the LFTP client and issues the "ls" or "rels" command, arbitrary code will be executed on the target user's system.

Ulf Harnhammar is credited with discovering the bugs.

Impact:   A remote server can cause arbitrary code to be executed on the target user's LFTP client when the client connects to the server and issues an "ls" or "rels" command.
Solution:   Turbolinux has issued a fix.

<Turbolinux 10 Desktop>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 02afd2811a68d6d2aaf35060b3424bde

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/lftp-2.6.11-1.i586.rpm
992246 44dc20c2e19421872f53d6d662b83036

<Turbolinux 8 Server>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 18d409d022849172aa87fe212d079533

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/lftp-2.6.11-1.i586.rpm
811850 32310dab35b76e007960a6200dd9bf75

<Turbolinux 8 Workstation>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 e5be1ebe9aa810eecc1ca2a5e8e7eded

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/lftp-2.6.11-1.i586.rpm
812242 50b63e5c20288850a03b01ac776382bd

<Turbolinux 7 Server>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 75ed3f49328c0becd433220bbe61723f

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/lftp-2.6.11-1.i586.rpm
855835 3fb2038e18b0d625021cc6293afb1111

<Turbolinux 7 Workstation>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 7fbc000da3485af428a3f4e4a49b7a55

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/lftp-2.6.11-1.i586.rpm
856189 2ab8dc55cdeb716cc258a827a4cb9956

<Turbolinux Server 6.5>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 08d35dd856f4fc20d7ab6bceef4078c0

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/lftp-2.6.11-1.i386.rpm
1055172 f8e83b25ab05101fd0174c9a9b8cb50a

<Turbolinux Advanced Server 6>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 5e42a619b6062c174e090d0e489c1c8f

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/lftp-2.6.11-1.i386.rpm
1055177 859b5330881c0cc82a6cc3f9b1dd2a62

<Turbolinux Server 6.1>

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/lftp-2.6.11-1.src.rpm
1198551 a49c3938c3e3f092e8f003ab2acb8e46

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/lftp-2.6.11-1.i386.rpm
1055167 9e172eea0c66a78bba547814cdf63e00

Vendor URL:  lftp.yar.ru/
Cause:   Boundary error
Underlying OS:  Linux (Turbo Linux)
Underlying OS Comments:  Turbolinux 10 Desktop, 8 Server, 8 Workstation, 7 Server, 7 Workstation, Server 6.5, Advanced Server 6, Server 6.1
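The two checks a practitioner would run against this advisory, as an added example that is not part of the SecurityTracker entry or the Turbolinux message: a numeric version comparison against the 2.6.10 boundary given under Version(s), and a size-plus-MD5 verification of a downloaded update package in the "Size : MD5" format the Solution section lists. The function names and the sample file used in the comments are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the advisory): is an installed lftp version prior
# to 2.6.10, and does a downloaded update package match its published
# size and MD5? Function names are constructed for this example.

# Compare two dotted version strings component by component and print
# -1, 0 or 1. A plain string compare would rank 2.6.9 above 2.6.10.
vercmp() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca="${a%%.*}"; cb="${b%%.*}"
        [ "$a" = "$ca" ] && a="" || a="${a#*.}"
        [ "$b" = "$cb" ] && b="" || b="${b#*.}"
        ca="${ca:-0}"; cb="${cb:-0}"          # missing component counts as 0
        if [ "$ca" -lt "$cb" ]; then echo -1; return; fi
        if [ "$ca" -gt "$cb" ]; then echo 1; return; fi
    done
    echo 0
}

# First version not affected, per the advisory's "Version(s): prior to 2.6.10".
LFTP_FIXED="2.6.10"

# lftp_affected VERSION -> success (0) when VERSION is prior to 2.6.10.
lftp_affected() {
    [ "$(vercmp "$1" "$LFTP_FIXED")" -lt 0 ]
}

# verify_package FILE SIZE MD5 -> success only when both the byte count and
# the MD5 digest equal the values the advisory publishes for that package.
# Checking the size first catches a truncated download before hashing it.
verify_package() {
    f="$1" want_size="$2" want_md5="$3"
    [ -f "$f" ] || return 1
    got_size=$(wc -c < "$f" | tr -d ' ')
    [ "$got_size" = "$want_size" ] || return 1
    got_md5=$(md5sum "$f" | cut -d' ' -f1)
    [ "$got_md5" = "$want_md5" ]
}

# Usage against the advisory's Turbolinux 10 Desktop binary package, once
# downloaded into the current directory:
#   verify_package lftp-2.6.11-1.i586.rpm 992246 44dc20c2e19421872f53d6d662b83036 \
#       && echo "package matches advisory" || echo "MISMATCH - do not install"
```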

Message History:   This archive entry is a follow-up to the message listed below.
Dec 14 2003 LFTP Buffer Overflow in Processing HTTP Responses May Allow Remote Code Execution



 Source Message Contents

Subject:  [Full-Disclosure] [TURBOLINUX SECURITY INFO] 22/Jan/2004



This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 22/Jan/2004
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) lftp-> Buffer overflow
 (2) tcpdump -> Multiple vulnerabilities in tcpdump

===========================================================
* lftp-> Buffer overflow
===========================================================

 More information :
    lftp is a shell-like command-line FTP client.
    A buffer overflow vulnerability was discovered in the lftp FTP client
    when connecting to a web server using HTTP or HTTPS and using the "ls" or "rels"
    command on a specially prepared directory.

 Impact :
    The attacker could execute arbitrary code on the user's machine.

 Affected Products :
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1

 Solution :
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 [Turbolinux 10 Desktop]
 # zabom -u lftp
 [other]
 # zabom update lftp
 ---------------------------------------------


 References :

 CVE
   [CAN-2003-0963]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0963


===========================================================
* tcpdump -> Multiple vulnerabilities in tcpdump
===========================================================

 More information :
    Tcpdump is a tool designed to print out the headers of packets on a network interface.
    Buffer overflow vulnerabilities were discovered in the ISAKMP and RADIUS
    decoding routines of tcpdump.

 Impact :
    Remote attackers could potentially exploit these issues by sending
    carefully-crafted packets to a victim. 

 Affected Products :
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 [Turbolinux 10 Desktop]
 # zabom -u tcpdump
 [other]
 # zabom update tcpdump
 ---------------------------------------------


 <Turbolinux 10 Desktop>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 658d11df7263293b7d766f7ffc866ccc

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       258006 a0594a9d6fbc92401a2dc24376310a2b

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 c9ce45a6207351c44cc36a67a420369e

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       260371 55ea9ee44cfaddffaf00185b3742c22e

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 23f4f97ca13382a50a7e6ddff74f15d0

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       260353 3129568a7958617a3d62c31417e81c86

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 4b7f12431243188bfc6f5f4f0c4f31bd

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       254797 76965cac8c2a72e977b15d4c89b3e70a

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 3c794815c4ed1d59f9e049f18cb182e3

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/tcpdump-3.8.1-1.i586.rpm
       254840 fa1749b1872fb1ee4d691fe013901e0d

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 9cc994e105372927bb073fc08ec873a5

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248989 531cfec072bfe787250491d9f40dd26b

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 fee82ff4bf36960d651662b0eb4df445

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248989 18b4d244206f975580aec81cd0c29da7

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 b77ec7657d1f7023a4c23c4e5e36f9dd

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248953 e2966bbcbd4b1dbca887aefa68bed918

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/tcpdump-3.8.1-1.src.rpm
       533354 decc8749c84db2f28b5f3029653aa148

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/tcpdump-3.8.1-1.i386.rpm
       248963 cce7a0508f7741046ec1e1103ef80102


 References :

 CVE
   [CAN-2003-0989]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
   [CAN-2004-0055]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
   [CAN-2004-0057]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057

 Turbolinux Security Advisory
   [TLSA-2003-14]
   http://www.turbolinux.com/security/TLSA-2003-14.txt


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to change your email address in this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@turbolinux.co.jp>

Thank you!


Copyright 2020, SecurityGlobal.net LLC