Mandriva Update For Gftp MDVSA-2008:018 (gftp) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Kalle Olavi Niemitalo found two boundary errors in the fsplib library, a copy of which is included in gFTP source. A remote attacer could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name, possibly resulting in the execution of arbitrary code (CVE-2007-3962) or a denial of service (CVE-2007-3961). The updated packages have been patched to correct these issues.

Affected

gftp on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-3961, CVE-2007-3962

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:006 (openoffice.org)
Mandrake Security Advisory MDVSA-2009:009 (kvm)
Mandrake Security Advisory MDVSA-2009:134 (firefox)
Mandrake Security Advisory MDVSA-2009:013 (mplayer)
Mandrake Security Advisory MDVSA-2009:041 (jhead)

Mandriva Update for gftp MDVSA-2008:018 (gftp)

Take action and discover your vulnerabilities