Test ID:	1.3.6.1.4.1.25623.1.0.51327
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:800
Summary:	Conectiva Security Advisory CLA-2004:800
Description:	The remote host is missing updates announced in advisory CLA-2004:800. lftp[1] is a command-line file transfer program which supports many protocols. Ulf Härnhammar reported[2] two buffer overflow vulnerabilities[3] in the lftp program. An attacker could prepare a directory on a server which, if accessed with a vulnerable lftp with the ls or rels command, could cause arbitrary code to be executed on the client. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:800 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High
Cross-Ref:	BugTraq ID: 9212 Common Vulnerability Exposure (CVE) ID: CVE-2003-0963 Bugtraq: 20031213 lftp buffer overflows (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=107152267121513&w=2 Bugtraq: 20031212 [slackware-security] lftp security update (SSA:2003-346-01) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=107126386226196&w=2 http://www.redhat.com/support/errata/RHSA-2003-403.html http://www.redhat.com/support/errata/RHSA-2003-404.html http://www.mandriva.com/security/advisories?name=MDKSA-2003:116 SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc SuSE Security Announcement: SuSE-SA:2003:051 (Google Search) http://www.novell.com/linux/security/advisories/2003_051_lftp.html Debian Security Information: DSA-406 (Google Search) http://www.debian.org/security/2004/dsa-406 Conectiva Linux advisory: CLA-2004:800 http://marc.theaimsgroup.com/?l=bugtraq&m=107340499504411&w=2 SGI Security Advisory: 20040101-01-U ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U Bugtraq: 20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=107167974714484&w=2 Bugtraq: 20031218 GLSA: lftp (200312-07) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=107177409418121&w=2 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11180 http://secunia.com/advisories/10525 http://secunia.com/advisories/10548
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: