Gentoo Security Advisory GLSA 200312-07 (lftp) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200312-07.

Solution

All Gentoo users who have net-ftp/lftp installed should update to use version 2.6.0 or higher using these commands: # emerge sync # emerge -pv '>=net-ftp/lftp-2.6.10' # emerge '>=net-ftp/lftp-2.6.10' # emerge clean http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200312-07 http://bugs.gentoo.org/show_bug.cgi?id=35866 http://www.securityfocus.com/archive/1/347587/2003-12-13/2003-12-19/0

Insight

Two buffer overflow problems are found in lftp that, in case the user visits a malicious ftp server, could lead to malicious code being executed.

Severity

Classification

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200405-04 (openoffice)
Gentoo Security Advisory GLSA 200402-07 (clamav)
Gentoo Security Advisory GLSA 200502-16 (htdig)
Gentoo Security Advisory GLSA 200406-04 (mailman)
Gentoo Security Advisory GLSA 200406-08 (Squirrelmail)

Take action and discover your vulnerabilities