Gentoo Foundation, GLSA-200711-01
Nov 01, 2007 - 12:00 a.m.

gFTP: Multiple vulnerabilities

2007-11-01 00:00:00
Gentoo Foundation
security.gentoo.org

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.168 Low
Percentile: 96.0%

Background

gFTP is an FTP client for the GNOME desktop environment.

Description

Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names.

Impact

A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name, possibly resulting in the execution of arbitrary code (CVE-2007-3962) or a Denial of Service (CVE-2007-3961).

Workaround

There is no known workaround at this time.

Resolution

All gFTP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-ftp/gftp-2.0.18-r6"

OS      Version  Architecture  Package       Version      Filename
Gentoo  any      all           net-ftp/gftp  < 2.0.18-r6  UNKNOWN
