drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Problem beim Parsen von HTML in lftp
Name: |
Problem beim Parsen von HTML in lftp
|
|
ID: |
200312-07 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Fr, 19. Dezember 2003, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
lftp |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200312-07 --------------------------------------------------------------------------
GLSA: 200312-07 Package: net-ftp/lftp Summary: Two buffer overflow problems found in lftp Severity: minimal Gentoo bug: 35866 Date: 2003-12-16 CVE: CAN-2003-0963 Exploit: remote Affected: <=2.6.9 Fixed: >=2.6.10
DESCRIPTION:
Two buffer overflow problems have been found in lftp, a multithreaded command-line based FTP client. A specially created directory on a web server could be used to execute arbitrary code on the connecting machine. The user's machine has to connect to a malicious web server using HTTP or HTTPS, then issue an "ls" or "rels" command.
Please see <http://www.securityfocus.com/archive/1/347587/2003-12-13/2003-12-19/0> for more details on this problem.
SOLUTION:
All machines which have net-ftp/lftp installed should be updated to use version 2.6.10 or higher using these commands:
emerge sync emerge -pv '>=net-ftp/lftp-2.6.10' emerge '>=net-ftp/lftp-2.6.10' emerge clean
// end
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin)
iD8DBQE/4U3Wnt0v0zAqOHYRAm7VAJsHDxrJLLQOU51blaP2VMCjkt/+dQCcC6zP m/ELiJH0C0PukA++i1CfCmc= =h16K -----END PGP SIGNATURE-----
|
|
|
|