Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200511-11] linux-ftpd-ssl: Remote buffer overflow Vulnerability Scan
Vulnerability Scan Summary
linux-ftpd-ssl: Remote buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200511-11
(linux-ftpd-ssl: Remote buffer overflow)
A buffer overflow vulnerability has been found in the
linux-ftpd-ssl package. A command that generates an excessively long
response from the server may overrun a stack buffer.
Impact
An attacker who has permission to create directories that are
accessible via the FTP server could exploit this vulnerability.
Successful exploitation would execute arbitrary code on the local
machine with root privileges.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3524
Solution:
All ftpd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/ftpd-0.17-r3"
Threat Level: High