Bug 405841 - (CVE-2007-5769) CVE-2007-5769 ftp: netkit ftp - use of uninitialized variable
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
source=gentoo,reported=20071115,publi...
Keywords: Security
Reported: 2007-11-30 08:21 EST by Tomas Hoger
Modified: 2007-12-06 12:03 EST
Doc Type: Bug Fix
Last Closed: 2007-12-03 11:11:06 EST

Attachments
Original advisory text (3.58 KB, text/plain)
2007-11-30 08:21 EST, Tomas Hoger

Description Tomas Hoger 2007-11-30 08:21:29 EST
Several problems with use of uninitialized variables were reported by VenusTech
for netkit ftpd (server) and ftp (client).  Those problems can cause ftpd or ftp
to crash.

References:
http://bugs.gentoo.org/show_bug.cgi?id=199206
Comment 1 Tomas Hoger 2007-11-30 08:21:29 EST
Created attachment 273771
Original advisory text
Comment 4 Tomas Hoger 2007-12-03 11:09:24 EST
Only netkit ftp client is shipped with Red Hat Enterprise Linux and Fedora.

Problematic code possibly causing ftp client crash was introduced in the fix for
bug #122295, which fixes other possible client crashes.  This patch is included
in ftp packages as shipped with Red Hat Enterprise Linux 4 and 5.

In Fedora, this problem was already fixed thanks to bug #251074.
Comment 5 Tomas Hoger 2007-12-03 11:11:06 EST
Red Hat does not consider a user assisted client crash such as this to be a
security flaw.
Comment 6 Tomas Hoger 2007-12-06 11:51:30 EST
Separate CVE ids were assigned by Mitre to ftp (client) and ftpd (server) issues:

CVE-2007-5769
Double-free vulnerability in the getreply function in ftp.c in netkit
ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to
cause a denial of service (application crash) and possibly have
unspecified other impact via some types of FTP protocol behavior.
NOTE: the netkit-ftpd issue is covered by CVE-2007-6263.

CVE-2007-6263
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17,
when certain modifications to support SSL have been introduced, calls
fclose on an uninitialized file stream, which allows remote attackers
to cause a denial of service (daemon crash) and possibly have
unspecified other impact via some types of FTP over SSL protocol
behavior, as demonstrated by breaking a passive FTP DATA connection in
a way that triggers an error in the server's SSL_accept function.
NOTE: the netkit ftp issue is covered by CVE-2007-5769.


netkit ftpd is not shipped with Red Hat Enterprise Linux or Fedora.
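
Both CVE descriptions above concern cleanup on an error path: fclose on a stream that was never assigned, and a double free. The block below is an added example, not netkit code and not the fix from bug #251074; struct data_conn, its functions and the /dev/null stand-in are hypothetical. It shows the defensive pattern: start from NULL, close only when set, clear after closing.

```c
#include <stdio.h>

/* Hypothetical data-connection state; names are illustrative, not netkit's. */
struct data_conn {
    FILE *stream;               /* NULL means "no stream open" */
};

/* Start from a known state so every error path can test the pointer. */
static void data_conn_init(struct data_conn *dc) {
    dc->stream = NULL;
}

/* Simulated setup: handshake_ok == 0 stands in for a failed SSL_accept.
 * On failure the stream is never assigned, which is the case where an
 * uninitialized pointer would otherwise reach fclose(). */
static int data_conn_open(struct data_conn *dc, int handshake_ok) {
    if (!handshake_ok)
        return -1;
    dc->stream = fopen("/dev/null", "r");   /* stand-in for the data socket */
    return dc->stream ? 0 : -1;
}

/* Idempotent cleanup: closes at most once and clears the pointer, so a
 * repeated call cannot close (and free) the same stream twice.
 * Returns the number of streams actually closed (0 or 1). */
static int data_conn_close(struct data_conn *dc) {
    if (dc->stream == NULL)
        return 0;
    fclose(dc->stream);
    dc->stream = NULL;
    return 1;
}

/* Runs setup, then cleanup twice; result is first_close * 10 + second_close. */
static int run_transfer(int handshake_ok) {
    struct data_conn dc;
    data_conn_init(&dc);
    data_conn_open(&dc, handshake_ok);
    int first = data_conn_close(&dc);
    int second = data_conn_close(&dc);      /* repeated cleanup is a no-op */
    return first * 10 + second;
}

int main(void) {
    printf("failed handshake: %d, ok: %d\n", run_transfer(0), run_transfer(1));
    return 0;
}
```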
