Debian DSA-057-1 : gftp - printf format attack

The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making an FTP server return special responses that exploit this. %NASLMINLEVE...

Mandrake Linux Security Advisory : gftp (MDKSA-2001:044)

A format string vulnerability exists in all versions of gftp prior to version 2.0.8. This vulnerability has been fixed upstream in version 2.0.8. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandrake Linux Security...

CVE-2001-0489

Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands...

CVE-2001-0489

The CVE-2001-0489 entry concerns gftp before version 2.0.8, where a printf/format string vulnerability in the logging of network data allows a remote FTP server to cause arbitrary commands to be executed. Affected component is the gftp client; root cause is unsafe handling of data received from t...