Gentoo Security Advisory GLSA 200312-07 (lftp) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200312-07.

Solution

All Gentoo users who have net-ftp/lftp installed should update to use version 2.6.0 or higher using these commands: # emerge sync # emerge -pv '>=net-ftp/lftp-2.6.10' # emerge '>=net-ftp/lftp-2.6.10' # emerge clean http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200312-07 http://bugs.gentoo.org/show_bug.cgi?id=35866 http://www.securityfocus.com/archive/1/347587/2003-12-13/2003-12-19/0

Insight

Two buffer overflow problems are found in lftp that, in case the user visits a malicious ftp server, could lead to malicious code being executed.

Severity

Classification

CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200409-21 (apache)
Gentoo Security Advisory GLSA 200408-06 (SpamAssassin)
Gentoo Security Advisory GLSA 200407-04 (Pure-FTPd)
Gentoo Security Advisory GLSA 200404-10 ()
Gentoo Security Advisory GLSA 200412-26 (ViewCVS)

Take action and discover your vulnerabilities