 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.50288 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 1 FEDORA-2003-034 (lftp) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to lftp announced via advisory FEDORA-2003-034. LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind. Update Information: Ulf Härnhammar found a remotely-triggerable buffer overflow in lftp. An attacker could create a carefully crafted directory on a website such that, if a user connects to that directory using the lftp client and subsequently issues a 'ls' or 'rels' command, the attacker could execute arbitrary code on the users machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0963 to this issue. Users of lftp are advised to upgrade to these erratum packages, which upgrade lftp to a version which is not vulnerable to this issue. Red Hat would like to thank Ulf Härnhammar for discovering and alerting us to this issue. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2003-034.shtml Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
BugTraq ID: 9212 Common Vulnerability Exposure (CVE) ID: CVE-2003-0963 Bugtraq: 20031212 [slackware-security] lftp security update (SSA:2003-346-01) (Google Search) http://marc.info/?l=bugtraq&m=107126386226196&w=2 Bugtraq: 20031213 lftp buffer overflows (Google Search) http://marc.info/?l=bugtraq&m=107152267121513&w=2 Bugtraq: 20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp) (Google Search) http://marc.info/?l=bugtraq&m=107167974714484&w=2 Bugtraq: 20031218 GLSA: lftp (200312-07) (Google Search) http://marc.info/?l=bugtraq&m=107177409418121&w=2 Conectiva Linux advisory: CLA-2004:800 http://marc.info/?l=bugtraq&m=107340499504411&w=2 Debian Security Information: DSA-406 (Google Search) http://www.debian.org/security/2004/dsa-406 http://www.mandriva.com/security/advisories?name=MDKSA-2003:116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180 http://www.redhat.com/support/errata/RHSA-2003-403.html http://www.redhat.com/support/errata/RHSA-2003-404.html http://secunia.com/advisories/10525 http://secunia.com/advisories/10548 SGI Security Advisory: 20040101-01-U ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc SuSE Security Announcement: SuSE-SA:2003:051 (Google Search) http://www.novell.com/linux/security/advisories/2003_051_lftp.html |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |