Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200502-27] gFTP: Directory traversal vulnerability Vulnerability Scan
Vulnerability Scan Summary
gFTP: Directory traversal vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200502-27
(gFTP: Directory traversal vulnerability)
gFTP lacks input validation of filenames received by remote
A possible hacker could entice a user to connect to a malicious FTP
server and conduct a directory traversal attack by making use of
specially crafted filenames. This could lead to arbitrary files being
created or overwritten.
There is no known workaround at this time.
All gFTP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/gftp-2.0.18-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.