Family: Debian Local Security Checks --> Category: infos
[DSA057] DSA-057-1 gftp Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
The gftp package as distributed with Debian GNU/Linux 2.2 has a problem
in its logging code: it logged data received from the network but it did
not protect itself from printf format attacks. A possible hacker can use this
by making an FTP server return special responses that exploit this.
This has been fixed in version 2.0.6a-3.1, and we recommend that you
upgrade your gftp package.
Note: this advisory was posted as DSA-055-1 by mistake.
Solution : http://www.debian.org/security/2001/dsa-057
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.