LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

lftp buffer overflows

Package(s):lftp CVE #(s):CAN-2003-0963
Created:December 15, 2003 Updated:February 13, 2004
Description: According to this advisory versions of lftp prior to 2.6.10 are vulnerable to two exploitable buffer overflow problems. Both occur when you connect to a web server with lftp using HTTP or HTTPS, and then use lftp's "ls" or "rels" commands on specially prepared directories on the web server.
Alerts:
Whitebox WBSA-2003:404-01 2003-12-17
Conectiva CLA-2004:800 2004-01-06
Debian DSA-406-1 2004-01-05
Gentoo 200312-07 2003-12-16
OpenPKG OpenPKG-SA-2003.053 2003-12-17
Red Hat RHSA-2003:404-01 2003-12-16
Red Hat RHSA-2003:403-01 2003-12-16
Mandrake MDKSA-2003:116 2003-12-15
Fedora FEDORA-2003-034 2003-12-15
SuSE SuSE-SA:2003:051 2003-12-15
Immunix IMNX-2003-73-002-01 2003-12-09
Slackware SSA:2003-346-01 2003-12-12
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds