Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200502-27] gFTP: Directory traversal vulnerability Vulnerability Scan
Vulnerability Scan Summary gFTP: Directory traversal vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200502-27
(gFTP: Directory traversal vulnerability)
gFTP lacks input validation of filenames received from remote
servers.
Impact
An attacker could entice a user to connect to a malicious FTP
server and conduct a directory traversal attack by making use of
specially crafted filenames. This could lead to arbitrary files being
created or overwritten.
Workaround
There is no known workaround at this time.
References:
http://archives.seul.org/gftp/announce/Feb-2005/msg00000.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0372
Solution:
All gFTP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/gftp-2.0.18-r1"
Threat Level: Medium