Mandriva Update For Gftp MDVSA-2008:018 (gftp) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Kalle Olavi Niemitalo found two boundary errors in the fsplib library, a copy of which is included in gFTP source. A remote attacer could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name, possibly resulting in the execution of arbitrary code (CVE-2007-3962) or a denial of service (CVE-2007-3961). The updated packages have been patched to correct these issues.

Affected

gftp on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-3961, CVE-2007-3962
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:166 (c-client)
Mandrake Security Advisory MDVSA-2009:062 (shadow-utils)
Mandrake Security Advisory MDVSA-2009:191 (OpenEXR)
Mandrake Security Advisory MDVSA-2009:095 (ghostscript)
Mandrake Security Advisory MDVSA-2009:008 (qemu)

Mandriva Update for gftp MDVSA-2008:018 (gftp)

Take action and discover your vulnerabilities