[gftp] [CVE-2007-3961] [CVE-2007-3962] possible execution of arbitrary code or DoS
Bug #185040 reported by
disabled.user
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gftp (Gentoo Linux) |
Fix Released
|
High
|
|||
| gftp (Ubuntu) |
Won't Fix
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: gftp
References:
MDVSA-2008:018 (http://
Quoting:
"Kalle Olavi Niemitalo found two boundary errors in the fsplib library,
a copy of which is included in gFTP source. A remote attacer could
trigger these vulnerabilities by enticing a user to download a file
with a specially crafted directory or file name, possibly resulting in
the execution of arbitrary code (CVE-2007-3962) or a denial of service
(CVE-2007-3961)."
| Changed in gftp: | |
| status: | Unknown → Fix Released |
| Changed in gftp: | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
Revision history for this message
| Alessio Treglia (quadrispro) wrote | #1 |
| Changed in gftp (Ubuntu): | |
| status: | Confirmed → Won't Fix |
| Changed in gftp (Gentoo Linux): | |
| importance: | Unknown → High |
To post a comment you must log in.
Looking at fsplib code shipped with gftp and this upstream's patch (http://