gFTP远程格式化字符串漏洞

漏洞信息详情

gFTP远程格式化字符串漏洞

• CNNVD编号：CNNVD-200106-151
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-0489
  
• 漏洞类型：
  
  
  格式化字符串
  
• 发布时间：
  
  2001-06-27
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  gftp
• 漏洞来源：
  This vulnerability…

gftp 2.0.8之前版本存在格式化字符串漏洞。远程恶意FTP服务器执行任意命令。

This issue is resolved in version 2.0.8 and later of gFTP.
Several vendors have released advisories and updated packages which address this issue:
RedHat gftp-2.0.7b-3.i386.rpm

• Red Hat 7.1 i386 gftp-2.0.8-1.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/gftp-2.0.8-1.i386.rpm

RedHat gftp-2.0.7b-2.i386.rpm

• Red Hat 7.0 i386 gftp-2.0.8-1.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/gftp-2.0.8-1.i386.rpm

RedHat gftp-2.0.6a-3.i386.rpm

• Red Hat 6.2 i386 gftp-2.0.8-1.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/gftp-2.0.8-1.i386.rpm

gFTP gFTP 2.0.7

• Debian 2.2 alpha gftp_2.0.6a-3.1_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/gftp
  _2.0.6a-3.1_alpha.deb
• Debian 2.2 arm gftp_2.0.6a-3.1_arm.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-arm/gftp_2
  .0.6a-3.1_arm.deb
• Debian 2.2 i386 gftp_2.0.6a-3.1_i386.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-i386/gftp_
  2.0.6a-3.1_i386.deb
• Debian 2.2 m68k gftp_2.0.6a-3.1_m68k.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-m68k/gftp_
  2.0.6a-3.1_m68k.deb
• Debian 2.2 ppc gftp_2.0.6a-3.1_powerpc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/gf
  tp_2.0.6a-3.1_powerpc.deb
• Debian 2.2 sparc gftp_2.0.6a-3.1_sparc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-sparc/gftp
  _2.0.6a-3.1_sparc.deb
• Immunix 6.2 i386 gftp-2.0.8-1_StackGuard.i386.rpm
  
  http://immunix.org/ImmunixOS/6.2/updates/RPMS/gftp-2.0.8-1_StackGuard.
  i386.rpm
• Immunix 7.0 i386 gftp-2.0.8-1_imnx.i386.rpm
  
  http://immunix.org/ImmunixOS/7.0/updates/RPMS/gftp-2.0.8-1_imnx.i386.r
  pm
• MandrakeSoft 1.0.1 i386 gftp-2.0.8-1.2mdk.i586.rpm
  ftp://ftp.vlug.org/dists/mandrake/updates/1.0.1/RPMS/gftp-2.0.8-1.2mdk
  .i586.rpm
• MandrakeSoft 7.1 i386 gftp-2.0.8-1.2mdk.i586.rpm
  ftp://ftp.vlug.org/dists/mandrake/updates/7.1/RPMS/gftp-2.0.8-1.2mdk.i
  586.rpm
• MandrakeSoft 7.2 i386 gftp-2.0.8-1.1mdk.i586.rpm
  ftp://ftp.vlug.org/dists/mandrake/updates/7.2/RPMS/gftp-2.0.8-1.1mdk.i
  586.rpm
• MandrakeSoft 8.0 i386 gftp-2.0.8-1.1mdk.i586.rpm
  ftp://ftp.vlug.org/dists/mandrake/updates/8.0/RPMS/gftp-2.0.8-1.1mdk.i
  586.rpm
• Progeny 1.0 i386 gftp-common_2.0.8-1progeny1_i386.deb
  
  http://archive.progeny.com/progeny/updates/newton/gftp-common_2.0.8-1p
  rogeny1_i386.deb
• Progeny 1.0 i386 gftp-gtk_2.0.8-1progeny1_i386.deb
  
  http://archive.progeny.com/progeny/updates/newton/gftp-gtk_2.0.8-1prog
  eny1_i386.deb
• Progeny 1.0 i386 gftp-text_2.0.8-1progeny1_i386.deb
  
  http://archive.progeny.com/progeny/updates/newton/gftp-text_2.0.8-1pro
  geny1_i386.deb
• Progeny 1.0 i386 gftp_2.0.8-1progeny1_i386.deb
  
  http://archive.progeny.com/progeny/updates/newton/gftp_2.0.8-1progeny1
  _i386.deb

来源: REDHAT
名称: RHSA-2001:053
链接:http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0043.html

来源: XF
名称: gftp-format-string(6478)
链接:http://xforce.iss.net/static/6478.php

来源: BID
名称: 2657
链接:http://www.securityfocus.com/bid/2657

来源: OSVDB
名称: 1805
链接:http://www.osvdb.org/1805

来源: DEBIAN
名称: DSA-057
链接:http://www.debian.org/security/2001/dsa-057

来源: VULN-DEV
名称: 20010417 gftp exploitable?
链接:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html