Family: Debian Local Security Checks --> Category: infos
[DSA084] DSA-084-1 gftp Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Stephane Gaudreault told
us that version 2.0.6a of gftp displays the
password in plain text on the screen within the log window when it is
logging into an ftp server. A malicious colleague who is watching the
screen could gain access to the users shell on the remote machine.
This problem has been fixed by the Security Team in version 2.0.6a-3.2
for the stable Debian GNU/Linux 2.2.
We recommend that you upgrade your gftp package.
Solution : http://www.debian.org/security/2001/dsa-084
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.