Bug 152908 - gftp: Directory traversal vulnerability (CAN-2005-0372)
gftp: Directory traversal vulnerability (CAN-2005-0372)
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: gftp (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://cve.mitre.org/cgi-bin/cvename....
1, LEGACY, QA, rh73, rh90
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-26 11:20 EST by David Eisenstein
Modified: 2007-04-18 13:22 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-10 17:28:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:31:43 EST
Directory traversal vulnerability in gftp 2.0.18 and earlier for GTK+ allows
remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences
in filenames returned from a LIST command.  (CAN-2005-0372)

From Debian, "Albert Puigsech Galicia discovered a directory traversal
vulnerability in a proprietary FTP client (CAN-2004-1376) which is also present
in gftp, a GTK+ FTP client.  A malicious server could provide a specially
crafted filename that could cause arbitrary files to be overwritten or created
by the client."  According to US-CERT, this vulnerability affects gFTP 0.1, 0.2,
0.21, 1.0, 1.1-1.13, 2.0-2.0.17.

RH 7.3 uses version gftp-2.0.11-2.
RH 9.0 uses version gftp-2.0.14-2.
FC 1   uses version gftp-2.0.17-0.FC1.

Debian offers a fix for gftp-2.0.11, in DSA-686-1 @
    <http://www.debian.org/security/2005/dsa-686>



------- Additional Comments From marcdeslauriers@videotron.ca 2005-03-09 15:11:57 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages to QA:

Changelog:
* Wed Mar 09 2005 Marc Deslauriers <marcdeslauriers@videotron.ca> 2.0.11-2.1.legacy
- - Added security patch for CAN-2005-0372


d02a92da6324852aa7eb814a70e70b852169d4d6  7.3/gftp-2.0.11-2.1.legacy.i386.rpm
0a45ce107dae5a1035941a17eeb37dbb36d4acde  7.3/gftp-2.0.11-2.1.legacy.src.rpm
5f26f62c1d9954fa5aa1717db9e9a0a6f60e9c81  9/gftp-2.0.14-2.1.legacy.i386.rpm
a68107e8f49cbac4e82c3b6a1fbc62d745bfacc6  9/gftp-2.0.14-2.1.legacy.src.rpm
150e8af7b2000bc27accbd7336a9127c6114bef0  1/gftp-2.0.17-0.FC1.1.legacy.i386.rpm
2a69616570fd7b6391b28637fa6cc49487e8cfde  1/gftp-2.0.17-0.FC1.1.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/gftp-2.0.11-2.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gftp-2.0.11-2.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gftp-2.0.14-2.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gftp-2.0.14-2.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/gftp-2.0.17-0.FC1.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/gftp-2.0.17-0.FC1.1.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCL57JLMAs/0C4zNoRAmn1AKCPYamgPclnXz9rwdECNZMLkcJJCgCdHfT8
wpyQsEulckzncqBCbbXGiyU=
=xM6J
-----END PGP SIGNATURE-----




------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:31 -------

This bug previously known as bug 2440 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2440
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Pekka Savola 2005-04-16 12:02:32 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh
 - source integrity good
 - spec file changes minimal
 - the changes are identical to debian's patch, some version specific tuning
   was needed, though.

+PUBLISH RHL73,RHL9,FC1

0a45ce107dae5a1035941a17eeb37dbb36d4acde  gftp-2.0.11-2.1.legacy.src.rpm
a68107e8f49cbac4e82c3b6a1fbc62d745bfacc6  gftp-2.0.14-2.1.legacy.src.rpm
2a69616570fd7b6391b28637fa6cc49487e8cfde  gftp-2.0.17-0.FC1.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCYTbHGHbTkzxSL7QRAtw5AJ9VAHiQLeP+xE7yUfhAh5gqWtDp6wCgwG8M
OpsSlBu0VchL+HRqRgj428s=
=LPwO
-----END PGP SIGNATURE-----
Comment 2 Marc Deslauriers 2005-05-05 22:09:09 EDT
Packages were pushed to updates-testing
Comment 3 Pekka Savola 2005-05-11 03:19:35 EDT
Tested on RHL9; signature OK, upgrade went well, gftp seemed to work OK after
the upgrade.
Comment 4 Pekka Savola 2005-05-31 03:18:23 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
RHL73 package verify.  Signature OK, basic file transfer seems to work
with both graphical and text client.
 
+VERIFY RHL73
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFCnA9bGHbTkzxSL7QRAocwAKDARVekWqHE9im/crlMMcJOBy7oNACghbW1
HBJrnYSO/vNKEKxJnRIU86o=
=MoRB
-----END PGP SIGNATURE-----
Comment 5 Pekka Savola 2005-06-16 08:40:15 EDT
2 verifys, timeout is two weeks.
Comment 6 Pekka Savola 2005-07-01 14:39:00 EDT
Timeout over, to be released.
Comment 7 Marc Deslauriers 2005-07-10 17:28:19 EDT
Packages were officially released.

Note You need to log in before you can comment on or make changes to this bug.