Bug 36479 - gftp<2.0.8 has format string errors
Summary: gftp<2.0.8 has format string errors
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: gftp   
(Show other bugs)
Version: 1.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Havoc Pennington
QA Contact: Aaron Brown
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-04-18 13:46 UTC by Jarno Huuskonen
Modified: 2007-04-18 16:32 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-04-18 18:19:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2001:053 normal SHIPPED_LIVE : gftp format string vulnerability corrected 2001-04-20 04:00:00 UTC

Description Jarno Huuskonen 2001-04-18 13:46:36 UTC
gftp has format string errors in server response code.
"Changes from 2.0.7b to 2.0.8pre1
Fixed format string security problem in logging of ftp and http responses"

Server can crash/run code in gftp-client. This same problem is in
earlier Red Hat gftp releases.

Comment 1 Havoc Pennington 2001-04-18 18:19:38 UTC
I mailed the upstream author to ask if we should use the beta or backport the
fix to the stable version.


Note You need to log in before you can comment on or make changes to this bug.