[linux-security] lftp remote exploit
Topic
=====
remote exploit in the lftp command-line client
Problem Description
===================
lftp is a command-line file transfer program supporting the FTP and HTTP
protocols.
lftp is vulnerable to two remote buffer overflows.
When lftp is used over HTTP or HTTPS to execute commands like 'ls' or 'rels',
specially prepared directories on the server can trigger a buffer overflow
in the HTTP handling functions of lftp and possibly execute arbitrary code
on the client side.
Please note that to exploit these bugs an attacker has to control the server
side of the session, and the attacker will only gain access to the account
of the user that is executing lftp.
Affected Versions
=================
lftp versions 2.6.9 and earlier
Solution
========
upgrade to version 2.6.10 or later (or to the patched package for your
distribution)
RedHat 7.x
----------
rpm -Fvh lftp-2.4.9-2.i386.rpm
RedHat 8.0
----------
rpm -Fvh lftp-2.5.2-6.i386.rpm
RedHat 9
--------
rpm -Fvh lftp-2.6.3-4.i386.rpm
SuSE-8.2
--------
rpm -Fvh lftp-2.6.4-44.i586.rpm
SuSE-9.0
--------
rpm -Fvh lftp-2.6.6-71.i586.rpm
Fedora 1
--------
rpm -Fvh lftp-2.6.10-1.i386.rpm
Mandrake 9.0
------------
rpm -Fvh lftp-2.6.0-1.1.90mdk.i586.rpm
Mandrake 9.1
------------
rpm -Fvh lftp-2.6.4-2.1.91mdk.i586.rpm
Mandrake 9.2
------------
rpm -Fvh lftp-2.6.6-2.1.92mdk.i586.rpm
Debian 3.0 (woody)
------------------
upgrade to lftp_2.4.9-1woody2_i386.deb
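As an added example (not part of the original advisory), a small Python check that compares the version-release of an installed lftp rpm against the fixed packages listed above, so that distribution backports such as RedHat 9's 2.6.3-4 are recognised as fixed rather than flagged merely because 2.6.3 is below the upstream 2.6.10. It assumes a simplified rpm version ordering (no epoch or tilde handling) and leaves out the Debian entry, since dpkg orders versions differently.

```python
import re

# Minimum fixed lftp package per rpm-based distribution, taken from the
# advisory above. Values are (version, release) as printed by `rpm -q lftp`.
FIXED_PACKAGES = {
    "RedHat 7.x": ("2.4.9", "2"),
    "RedHat 8.0": ("2.5.2", "6"),
    "RedHat 9": ("2.6.3", "4"),
    "SuSE-8.2": ("2.6.4", "44"),
    "SuSE-9.0": ("2.6.6", "71"),
    "Fedora 1": ("2.6.10", "1"),
    "Mandrake 9.0": ("2.6.0", "1.1.90mdk"),
    "Mandrake 9.1": ("2.6.4", "2.1.91mdk"),
    "Mandrake 9.2": ("2.6.6", "2.1.92mdk"),
}


def rpmvercmp(a, b):
    """Simplified rpm ordering (assumption: no epoch/tilde support).
    Split into numeric and alphabetic segments; numerics compare as
    integers, alphas lexically, and a numeric segment beats an alpha one.
    Returns -1, 0 or 1."""
    seg_a = re.findall(r"\d+|[a-zA-Z]+", a)
    seg_b = re.findall(r"\d+|[a-zA-Z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return (x > y) - (x < y)
    # All shared segments equal: the string with more segments is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_fixed(distro, installed_vr):
    """installed_vr is the 'version-release' part of `rpm -q lftp` output,
    e.g. '2.6.3-3'. True if it is at or above the distro's fixed package."""
    version, release = installed_vr.rsplit("-", 1)
    fixed_version, fixed_release = FIXED_PACKAGES[distro]
    c = rpmvercmp(version, fixed_version)
    if c != 0:
        return c > 0
    return rpmvercmp(release, fixed_release) >= 0
```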