GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Nov 13, 2005 6:05 pm Post subject: [ GLSA 200511-11 ] linux-ftpd-ssl: Remote buffer overflow |
|
|
Gentoo Linux Security Advisory
Title: linux-ftpd-ssl: Remote buffer overflow (GLSA 200511-11)
Severity: high
Exploitable: remote
Date: November 13, 2005
Updated: December 30, 2007
Bug(s): #111573
ID: 200511-11
Synopsis
A buffer overflow vulnerability has been found, allowing a remote attacker to execute arbitrary code with escalated privileges on the local system.
Background
linux-ftpd-ssl is the netkit FTP server with encryption support.
Affected Packages
Package: net-ftp/netkit-ftpd
Vulnerable: < 0.17-r3
Unaffected: >= 0.17-r3
Architectures: All supported architectures
Description
A buffer overflow vulnerability has been found in the linux-ftpd-ssl package. A command that generates an excessively long response from the server may overrun a stack buffer.
Impact
An attacker that has permission to create directories that are accessible via the FTP server could exploit this vulnerability. Successful exploitation would execute arbitrary code on the local machine with root privileges.
Workaround
There is no known workaround at this time.
Resolution
All ftpd users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r3" |
References
CVE-2005-3524
Last edited by GLSA on Sun Dec 30, 2007 4:17 am; edited 2 times in total |
|