Bug 405841 (CVE-2007-5769) - CVE-2007-5769 ftp: netkit ftp - use of uninitialized variable
Summary: CVE-2007-5769 ftp: netkit ftp - use of uninitialized variable
Status: CLOSED NOTABUG
Alias: CVE-2007-5769
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: source=gentoo,reported=20071115,publi...
Keywords: Security
Depends On:
Blocks:
Reported: 2007-11-30 13:21 UTC by Tomas Hoger
Modified: 2019-06-08 12:25 UTC
Clone Of:
Last Closed: 2007-12-03 16:11:06 UTC


Attachments
Original advisory text (3.58 KB, text/plain)
2007-11-30 13:21 UTC, Tomas Hoger

Description Tomas Hoger 2007-11-30 13:21:29 UTC
Several problems with use of uninitialized variables were reported by VenusTech
for netkit ftpd (server) and ftp (client).  Those problems can cause ftpd or ftp
to crash.

References:
http://bugs.gentoo.org/show_bug.cgi?id=199206

Comment 1 Tomas Hoger 2007-11-30 13:21:29 UTC
Created attachment 273771
Original advisory text

Comment 4 Tomas Hoger 2007-12-03 16:09:24 UTC
Only netkit ftp client is shipped with Red Hat Enterprise Linux and Fedora.

Problematic code possibly causing ftp client crash was introduced in the fix for
bug #122295, which fixes other possible client crashes.  This patch is included
in ftp packages as shipped with Red Hat Enterprise Linux 4 and 5.

In Fedora, this problem was already fixed thanks to bug #251074.


Comment 5 Tomas Hoger 2007-12-03 16:11:06 UTC
Red Hat does not consider a user assisted client crash such as this to be a
security flaw.

Comment 6 Tomas Hoger 2007-12-06 16:51:30 UTC
Separate CVE ids were assigned by Mitre to ftp (client) and ftpd (server) issues:

CVE-2007-5769
Double-free vulnerability in the getreply function in ftp.c in netkit
ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to
cause a denial of service (application crash) and possibly have
unspecified other impact via some types of FTP protocol behavior.
NOTE: the netkit-ftpd issue is covered by CVE-2007-6263.

CVE-2007-6263
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17,
when certain modifications to support SSL have been introduced, calls
fclose on an uninitialized file stream, which allows remote attackers
to cause a denial of service (daemon crash) and possibly have
unspecified other impact via some types of FTP over SSL protocol
behavior, as demonstrated by breaking a passive FTP DATA connection in
a way that triggers an error in the server's SSL_accept function.
NOTE: the netkit ftp issue is covered by CVE-2007-5769.


netkit ftpd is not shipped with Red Hat Enterprise Linux or Fedora.


