FreeBSD Ports: Tnftp Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://tigger.uic.edu/~jlongs2/holes/tnftp.txt http://cvsweb.netbsd.org/bsdweb.cgi/othersrc/usr.bin/tnftp/src/cmds.c?rev=1.1.1.3&content-type=text/x-cvsweb-markup http://it.slashdot.org/article.pl?sid=04/12/15/2113202 http://marc.theaimsgroup.com/?l=bugtraq&m=110321888413132 http://www.vuxml.org/freebsd/f92e1bbc-5e18-11d9-839a-0050da134090.html

Insight

The following package is affected: tnftp CVE-2004-1294 The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.

Severity

Classification

CVE CVE-2004-1294
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

FreeBSD Ports: apache
FreeBSD Ports: bugzilla, ja-bugzilla
FreeBSD Ports: asterisk14
FreeBSD Ports: bind9
FreeBSD Ports: bugzilla, ja-bugzilla

FreeBSD Ports: tnftp

Take action and discover your vulnerabilities