[gftp] [CVE-2007-3961] [CVE-2007-3962] possible execution of arbitrary code or DoS
Bug #185040 reported by disabled.user

Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gftp (Gentoo Linux) | Fix Released | High | | |
gftp (Ubuntu) | Won't Fix | Low | Unassigned | |
Bug Description
Binary package hint: gftp
References:
MDVSA-2008:018 (http://
Quoting:
"Kalle Olavi Niemitalo found two boundary errors in the fsplib library,
a copy of which is included in gFTP source. A remote attacker could
trigger these vulnerabilities by enticing a user to download a file
with a specially crafted directory or file name, possibly resulting in
the execution of arbitrary code (CVE-2007-3962) or a denial of service
(CVE-2007-3961)."
Changed in gftp:
status: Unknown → Fix Released
Changed in gftp:
importance: Undecided → Low
status: New → Confirmed
Changed in gftp (Gentoo Linux):
importance: Unknown → High
Looking at fsplib code shipped with gftp and this upstream's patch (http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.15&r2=1.16), it seems that we don't need to do anything.