
[linux-security] lftp remote exploit



Topic
=====
remote exploit in lftp command-line client

Problem Description
===================
lftp is a command-line file transfer program supporting the FTP and HTTP
protocols.
lftp is vulnerable to two remote buffer overflows.
When lftp is used over HTTP or HTTPS to run commands such as 'ls' or 'rels',
specially prepared directories on the server can trigger a buffer overflow
in the HTTP handling functions of lftp and possibly execute arbitrary code
on the client side.
Please note that to exploit these bugs an attacker has to control the
server side of the connection, and the attacker will only gain access to
the account of the user that is executing lftp.

Affected Versions
=================
lftp versions 2.6.9 and earlier

Solution
========
Upgrade to version 2.6.10 or later (or to the patched version for your
distribution).

RedHat 7.x
----------
rpm -Fvh lftp-2.4.9-2.i386.rpm

RedHat 8.0
----------
rpm -Fvh lftp-2.5.2-6.i386.rpm

RedHat 9
--------
rpm -Fvh lftp-2.6.3-4.i386.rpm

SuSE-8.2
--------
rpm -Fvh lftp-2.6.4-44.i586.rpm

SuSE-9.0
--------
rpm -Fvh lftp-2.6.6-71.i586.rpm

Fedora 1
--------
rpm -Fvh lftp-2.6.10-1.i386.rpm

Mandrake 9.0
------------
rpm -Fvh lftp-2.6.0-1.1.90mdk.i586.rpm

Mandrake 9.1
------------
rpm -Fvh lftp-2.6.4-2.1.91mdk.i586.rpm

Mandrake 9.2
------------
rpm -Fvh lftp-2.6.6-2.1.92mdk.i586.rpm

Debian 3.0 (woody)
------------------
upgrade to lftp_2.4.9-1woody2_i386.deb
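The following is an added check, not part of the original advisory, for deciding whether an installed lftp is at or past the first fixed upstream release (2.6.10). It compares dotted versions component by component, because a plain string comparison would rank 2.6.9 above 2.6.10. The banner format it parses ("LFTP | Version 2.6.9 | ...") is an assumption about the first line of `lftp --version`; the sample banner in the code is constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the advisory): is this lftp at or past 2.6.10?
FIXED_LFTP_VERSION="2.6.10"

# version_ge A B: succeed (exit 0) if dotted version A >= B, comparing each
# numeric component in turn and treating missing components as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# lftp_version_from_banner LINE: pull "x.y.z" out of a banner line such as
# "LFTP | Version 2.6.9 | Copyright (c) ..." (assumed first line of
# `lftp --version`; the sample used in testing is constructed).
lftp_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# lftp_is_fixed VERSION: succeed if VERSION is not affected by this advisory.
lftp_is_fixed() {
    version_ge "$1" "$FIXED_LFTP_VERSION"
}

# Optional: run against the local binary with `sh thisfile.sh --check-local`.
if [ "${1:-}" = "--check-local" ] && command -v lftp >/dev/null 2>&1; then
    v=$(lftp_version_from_banner "$(lftp --version 2>/dev/null | head -n 1)")
    if lftp_is_fixed "$v"; then
        echo "lftp $v: at or past $FIXED_LFTP_VERSION"
    else
        echo "lftp $v: affected by this advisory, upgrade"
    fi
fi
```

One caveat the distribution list above makes clear: vendors ship backported fixes under older upstream version numbers (for example the RedHat 7.x package is 2.4.9-2), so this upstream-version check reports such packages as affected. On those systems, compare the installed package release (for example `rpm -q lftp`) against the fixed package names given for your distribution instead.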