Red Hat Bugzilla – Bug 111717
CAN-2003-0963 lftp client buffer overflow
Last modified: 2007-11-30 17:06:53 EST
Ulf Harnhammar found a buffer overflow in lftp which can occur
when a user connects to a web server under the control of an attacker
and then uses ls or rels on a carefully crafted directory. Affects
2.3.0-2.6.9 at least.
Reported Dec 05, co-ordinated release date Dec 16 1400 GMT
CAN-2003-0963 Affects: 2.1AS 2.1AW 2.1ES 2.1WS
CAN-2003-0963 Affects: 3AS 3ES 3WS
Errata in progress.
(actually was made public last week, opening up bug entry)
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below.
You may reopen this bug report if the solution does not work for you.