Several problems with use of uninitialized variables were reported by VenusTech for netkit ftpd (server) and ftp (client). Those problems can cause ftpd or ftp to crash.

References: http://bugs.gentoo.org/show_bug.cgi?id=199206
Created attachment 273771 [details] Original advisory text
Only netkit ftp client is shipped with Red Hat Enterprise Linux and Fedora. Problematic code possibly causing ftp client crash was introduced in the fix for bug #122295, which fixes other possible client crashes. This patch is included in ftp packages as shipped with Red Hat Enterprise Linux 4 and 5. In Fedora, this problem was already fixed thanks to bug #251074.
Red Hat does not consider a user assisted client crash such as this to be a security flaw.
Separate CVE ids were assigned by Mitre to ftp (client) and ftpd (server) issues:

CVE-2007-5769
Double-free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is covered by CVE-2007-6263.

CVE-2007-6263
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769.

netkit ftpd is not shipped with Red Hat Enterprise Linux or Fedora.
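
The two CVE descriptions above name one class of defect: a cleanup path that closes a stream it never opened, or releases the same resource twice. The C code below is an added example of the defensive pattern (initialize to NULL, close at most once); it is not netkit code and not part of this bug report. `fake_tls_accept`, `open_data_stream` and `close_once` are hypothetical names, and `/dev/null` is a constructed stand-in for the data socket.

```c
#include <stdio.h>

/* Hypothetical stand-in for the TLS accept step; not netkit or OpenSSL code. */
static int fake_tls_accept(int should_fail) { return should_fail ? -1 : 0; }

static int close_calls; /* counts real fclose() calls so the result can be checked */

/* Close a stream at most once. NULL means "nothing to close". */
static void close_once(FILE **fpp)
{
    if (fpp != NULL && *fpp != NULL) {
        fclose(*fpp);
        *fpp = NULL; /* a repeated call is now a no-op instead of a double close */
        close_calls++;
    }
}

/*
 * Hypothetical data-connection setup. Returns an open stream, or NULL when
 * the handshake step fails.
 */
static FILE *open_data_stream(int handshake_fails)
{
    FILE *fp = NULL; /* unsafe form: "FILE *fp;" leaves the value indeterminate */

    if (fake_tls_accept(handshake_fails) != 0)
        goto fail;

    fp = fopen("/dev/null", "w"); /* constructed stand-in for the data socket */
    if (fp == NULL)
        goto fail;
    return fp;

fail:
    close_once(&fp); /* safe on every path: fp is NULL or a stream we opened */
    return NULL;
}

int main(void)
{
    FILE *fp = open_data_stream(1); /* handshake fails: nothing was opened */
    printf("failed handshake: stream=%p, fclose calls=%d\n", (void *)fp, close_calls);

    fp = open_data_stream(0);
    close_once(&fp);
    close_once(&fp); /* second call does nothing */
    printf("after two close_once calls: fclose calls=%d\n", close_calls);
    return 0;
}
```

The same guard (check for NULL, release, then reset the pointer to NULL) applies to `free()` on heap buffers.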