Red Hat Bugzilla – Bug 405841
CVE-2007-5769 ftp: netkit ftp - use of uninitialized variable
Last modified: 2007-12-06 12:03:32 EST
Several problems with use of uninitialized variables were reported by VenusTech
for netkit ftpd (server) and ftp (client). Those problem can cause ftpd or ftp
Created attachment 273771 [details]
Original advisory text
Only netkit ftp client is shipped with Red Hat Enterprise Linux and Fedora.
Problematic code possibly causing ftp client crash was introduced in the fix for
bug #122295, which fixes other possible client crashes. This patch is included
in ftp packages as shipped with Red Hat Enterprise Linux 4 and 5.
In Fedora, this problem was already fixed thanks to bug #251074.
Red Hat does not consider a user assisted client crash such as this to be a
Separate CVE ids were assigned by Mitre to ftp (client) and ftpd (server) issues:
Double-free vulnerability in the getreply function in ftp.c in netkit
ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to
cause a denial of service (application crash) and possibly have
unspecified other impact via some types of FTP protocol behavior.
NOTE: the netkit-ftpd issue is covered by CVE-2007-6263.
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17,
when certain modifications to support SSL have been introduced, calls
fclose on an uninitialized file stream, which allows remote attackers
to cause a denial of service (daemon crash) and possibly have
unspecified other impact via some types of FTP over SSL protocol
behavior, as demonstrated by breaking a passive FTP DATA connection in
a way that triggers an error in the server's SSL_accept function.
NOTE: the netkit ftp issue is covered by CVE-2007-5769.
netkit ftpd is not shipped with Red Hat Enterprise Linux or Fedora.