[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] lftp remote exploit

To: linux-security@sfu.ca
Subject: [linux-security] lftp remote exploit
From: Martin Siegert <siegert@sfu.ca>
Date: Wed, 7 Jan 2004 18:59:55 -0800
User-Agent: Mutt/1.4.1i

Topic
=====
remote exploit in lftp command-line client

Problem Description
===================
lftp is a command-line file transfer program supporting FTP and HTTP
protocols.
lftp is vulnerable to two remote buffer overflows.
When using lftp via HTTP or HTTPS to execute commands like 'ls' or 'rels'
specially prepared directories on the server can trigger a buffer overflow
in the HTTP handling functions of lftp to possibly execute arbitrary code
on the client-side.
Please note, to exploit these bugs an attacker has to control the server-
side of the context and the attacker will only gain access to the account
of the user that is executing lftp.

Affected Versions
=================
lftp versions 2.6.9 and earlier

Solution
========
upgrade to versions 2.6.10 or later (or to patched version for your
distribution)

RedHat 7.x
----------
rpm -Fvh lftp-2.4.9-2.i386.rpm

RedHat 8.0
----------
rpm -Fvh lftp-2.5.2-6.i386.rpm

RedHat 9
--------
rpm -Fvh lftp-2.6.3-4.i386.rpm

SuSE-8.2
--------
rpm -Fvh lftp-2.6.4-44.i586.rpm

SuSE-9.0
--------
rpm -Fvh lftp-2.6.6-71.i586.rpm

Fedora 1
--------
rpm -Fvh lftp-2.6.10-1.i386.rpm

Mandrake 9.0
------------
rpm -Fvh lftp-2.6.0-1.1.90mdk.i586.rpm

Mandrake 9.1
------------
rpm -Fvh lftp-2.6.4-2.1.91mdk.i586.rpm

Mandrake 9.2
------------
rpm -Fvh lftp-2.6.6-2.1.92mdk.i586.rpm

Debian 3.0 (woody)
------------------
upgrade to lftp_2.4.9-1woody2_i386.deb

Prev by Date: Re: [linux-security] supported distributions
Next by Date: [linux-security] local root exploit in Linux kernel
Prev by thread: [linux-security] check-rpms version 3.0.0 available
Next by thread: [linux-security] supported distributions
Index(es):
- Date
- Thread