Turbolinux Local Security Tests : Turbolinux TLSA-2004-2 (lftp)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52875

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2004-2 (lftp)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to lftp
announced via advisory TLSA-2004-2.

The lftp is a shell-like command line ftp client.
A buffer overflow vulnerability was discovered in the lftp FTP client
when connecting to a web server using HTTP or HTTPS and using the ls or rels
command on specially prepared directory.

The attacker could execute arbitrary code on the users machine.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-2

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 9212
Common Vulnerability Exposure (CVE) ID: CVE-2003-0963
Bugtraq: 20031212 [slackware-security] lftp security update (SSA:2003-346-01) (Google Search)
http://marc.info/?l=bugtraq&m=107126386226196&w=2
Bugtraq: 20031213 lftp buffer overflows (Google Search)
http://marc.info/?l=bugtraq&m=107152267121513&w=2
Bugtraq: 20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp) (Google Search)
http://marc.info/?l=bugtraq&m=107167974714484&w=2
Bugtraq: 20031218 GLSA: lftp (200312-07) (Google Search)
http://marc.info/?l=bugtraq&m=107177409418121&w=2
Conectiva Linux advisory: CLA-2004:800
http://marc.info/?l=bugtraq&m=107340499504411&w=2
Debian Security Information: DSA-406 (Google Search)
http://www.debian.org/security/2004/dsa-406
http://www.mandriva.com/security/advisories?name=MDKSA-2003:116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180
http://www.redhat.com/support/errata/RHSA-2003-403.html
http://www.redhat.com/support/errata/RHSA-2003-404.html
http://secunia.com/advisories/10525
http://secunia.com/advisories/10548
SGI Security Advisory: 20040101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SuSE Security Announcement: SuSE-SA:2003:051 (Google Search)
http://www.novell.com/linux/security/advisories/2003_051_lftp.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52875
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2004-2 (lftp)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to lftp announced via advisory TLSA-2004-2. The lftp is a shell-like command line ftp client. A buffer overflow vulnerability was discovered in the lftp FTP client when connecting to a web server using HTTP or HTTPS and using the ls or rels command on specially prepared directory. The attacker could execute arbitrary code on the users machine. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-2 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 9212 Common Vulnerability Exposure (CVE) ID: CVE-2003-0963 Bugtraq: 20031212 [slackware-security] lftp security update (SSA:2003-346-01) (Google Search) http://marc.info/?l=bugtraq&m=107126386226196&w=2 Bugtraq: 20031213 lftp buffer overflows (Google Search) http://marc.info/?l=bugtraq&m=107152267121513&w=2 Bugtraq: 20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp) (Google Search) http://marc.info/?l=bugtraq&m=107167974714484&w=2 Bugtraq: 20031218 GLSA: lftp (200312-07) (Google Search) http://marc.info/?l=bugtraq&m=107177409418121&w=2 Conectiva Linux advisory: CLA-2004:800 http://marc.info/?l=bugtraq&m=107340499504411&w=2 Debian Security Information: DSA-406 (Google Search) http://www.debian.org/security/2004/dsa-406 http://www.mandriva.com/security/advisories?name=MDKSA-2003:116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180 http://www.redhat.com/support/errata/RHSA-2003-403.html http://www.redhat.com/support/errata/RHSA-2003-404.html http://secunia.com/advisories/10525 http://secunia.com/advisories/10548 SGI Security Advisory: 20040101-01-U ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc SuSE Security Announcement: SuSE-SA:2003:051 (Google Search) http://www.novell.com/linux/security/advisories/2003_051_lftp.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com