Lucene search

GoogleOSV:DSA-281

HistoryApr 08, 2003 - 12:00 a.m.

moxftp - buffer overflow

2003-04-0800:00:00

Google

osv.dev

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Knud Erik HĂ¸jgaard discovered a vulnerability in moxftp (and xftp
respectively), an Athena X interface to FTP. Insufficient bounds
checking could lead to execution of arbitrary code, provided by a
malicious FTP server. Erik Tews fixed this.

For the stable distribution (woody) this problem has been fixed in
version 2.2-18.1.

For the old stable distribution (potato) this problem has been fixed
in version 2.2-13.1.

For the unstable distribution (sid) this problem has been fixed
in version 2.2-18.20.

We recommend that you upgrade your xftp package.

References

www.debian.org/security/2003/dsa-281

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for OSV:DSA-281