Gentoo Security Advisory GLSA 200409-27 (glftpd) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200409-27.

Solution

All glFTPd users should upgrade to the latest version: # emerge sync # emerge -pv '>=net-ftp/glftpd-1.32-r1' # emerge '>=net-ftp/glftpd-1.32-r1' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-27 http://bugs.gentoo.org/show_bug.cgi?id=64809 http://www.securityfocus.com/archive/1/375775/2004-09-17/2004-09-23/0 http://www.glftpd.com/modules.php?op=modload&name=News&file=article&sid=23&mode=thread&order=0&thold=0

Insight

glFTPd is vulnerable to a local buffer overflow which may allow arbitrary code execution.

Severity

Classification

CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200311-08 (Libnids)
Gentoo Security Advisory GLSA 200408-15 (tomcat)
Gentoo Security Advisory GLSA 200405-02 (lha)
Gentoo Security Advisory GLSA 200404-03 (tcpdump)
Gentoo Security Advisory GLSA 200408-27 (Gaim)

Take action and discover your vulnerabilities