 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.50962 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2003:404 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory RHSA-2003:404. lftp is a command-line file transfer program supporting FTP and HTTP protocols. Ulf Härnhammar discovered a buffer overflow bug in versions of lftp up to and including 2.6.9. An attacker could create a carefully crafted directory on a website such that, if a user connects to that directory using the lftp client and subsequently issues a 'ls' or 'rels' command, the attacker could execute arbitrary code on the users machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0963 to this issue. Users of lftp are advised to upgrade to these erratum packages, which contain a backported security patch and are not vulnerable to this issue. Red Hat would like to thank Ulf Härnhammar for discovering and alerting us to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-404.html Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
BugTraq ID: 9212 Common Vulnerability Exposure (CVE) ID: CVE-2003-0963 Bugtraq: 20031212 [slackware-security] lftp security update (SSA:2003-346-01) (Google Search) http://marc.info/?l=bugtraq&m=107126386226196&w=2 Bugtraq: 20031213 lftp buffer overflows (Google Search) http://marc.info/?l=bugtraq&m=107152267121513&w=2 Bugtraq: 20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp) (Google Search) http://marc.info/?l=bugtraq&m=107167974714484&w=2 Bugtraq: 20031218 GLSA: lftp (200312-07) (Google Search) http://marc.info/?l=bugtraq&m=107177409418121&w=2 Conectiva Linux advisory: CLA-2004:800 http://marc.info/?l=bugtraq&m=107340499504411&w=2 Debian Security Information: DSA-406 (Google Search) http://www.debian.org/security/2004/dsa-406 http://www.mandriva.com/security/advisories?name=MDKSA-2003:116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180 http://www.redhat.com/support/errata/RHSA-2003-403.html http://www.redhat.com/support/errata/RHSA-2003-404.html http://secunia.com/advisories/10525 http://secunia.com/advisories/10548 SGI Security Advisory: 20040101-01-U ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc SuSE Security Announcement: SuSE-SA:2003:051 (Google Search) http://www.novell.com/linux/security/advisories/2003_051_lftp.html |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |