36479 – gftp<2.0.8 has format string errors

Bug 36479 - gftp<2.0.8 has format string errors

Summary: gftp<2.0.8 has format string errors

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Raw Hide
Classification:	Retired
Component:	gftp
Sub Component:
Version:	1.0
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Havoc Pennington
QA Contact:	Aaron Brown
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-04-18 13:46 UTC by Jarno Huuskonen
Modified:	2007-04-18 16:32 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2001-04-18 18:19:42 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2001:053	0	normal	SHIPPED_LIVE	: gftp format string vulnerability corrected	2001-04-20 04:00:00 UTC

Description Jarno Huuskonen 2001-04-18 13:46:36 UTC

gftp has format string errors in server response code.
"Changes from 2.0.7b to 2.0.8pre1
Fixed format string security problem in logging of ftp and http responses"

Server can crash/run code in gftp-client. This same problem is in
earlier Red Hat gftp releases.

Comment 1 Havoc Pennington 2001-04-18 18:19:38 UTC

I mailed the upstream author to ask if we should use the beta or backport the
fix to the stable version.

Note You need to log in before you can comment on or make changes to this bug.