Lucene search
SuseSUSE-SA:2003:051HistoryDec 15, 2003 - 1:35 p.m.
remote system compromise in lftp
2003-12-1513:35:24
lists.opensuse.org
9
EPSS
0.017
Percentile
88.0%
The the flexible and powerful FTP command-line client lftp is vulnerable to two remote buffer overflows. When using lftp via HTTP or HTTPS to execute commands like ‘ls’ or ‘rels’ specially prepared directories on the server can trigger a buffer overflow in the HTTP handling functions of lftp to possibly execute arbitrary code on the client-side. Please note, to exploit these bugs an attacker has to control the server- side of the context and the attacker will only gain access to the account of the user that is executing lftp.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.0 | i586 | lftp | < 2.6.6-71 | lftp-2.6.6-71.i586.rpm |
| openSUSE | 8.2 | i586 | lftp | < 2.6.4-44 | lftp-2.6.4-44.i586.rpm |
Related
freebsd
freebsd
lftp HTML parsing vulnerability
2003-12-11 00:00:00
nessus
nessus
FreeBSD : lftp HTML parsing vulnerability (89)
2004-07-06 00:00:00
RHEL 2.1 / 3 : lftp (RHSA-2003:404)
2004-07-06 00:00:00
Mandrake Linux Security Advisory : lftp (MDKSA-2003:116)
2004-07-31 00:00:00
redhat
redhat
(RHSA-2003:404) lftp security update
2003-12-16 00:00:00
openvas
openvas
FreeBSD Ports: lftp
2008-09-04 00:00:00
Debian: Security Advisory (DSA-406)
2008-01-17 00:00:00
FreeBSD Ports: lftp
2008-09-04 00:00:00
debian
debian
[SECURITY] [DSA 406-1] New lftp packages fix arbitrary code execution
2004-01-05 06:50:23
[SECURITY] [DSA 406-1] New lftp packages fix arbitrary code execution
2004-01-05 06:50:23
cve
cve
CVE-2003-0963
2004-01-05 05:00:00
osv
osv
lftp - buffer overflow
2004-01-05 00:00:00
debiancve
debiancve
CVE-2003-0963
2004-01-05 05:00:00
exploitdb
exploitdb
lftp 2.6.9 - Remote Stack Overflow
2004-01-14 00:00:00
cvelist
cvelist
CVE-2003-0963
2003-12-17 05:00:00
nvd
nvd
CVE-2003-0963
2004-01-05 05:00:00