Summary
The remote host is missing an update to lftp announced via advisory DSA 406-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20406-1
Insight
Ulf Harnhammar discovered a buffer overflow in lftp, a set of sophisticated command-line FTP/HTTP client programs. An attacker could create a carefully crafted directory on a website so that the execution of an 'ls' or 'rels' command would lead to the execution of arbitrary code on the client machine.
For the stable distribution (woody) this problem has been fixed in version 2.4.9-1woody2.
For the unstable distribution (sid) this problem has been fixed in version 2.6.10-1.
Severity
Classification
CVE: CVE-2003-0963
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P