• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

JFTPGW Remote Syslog Format String Vulnerability

Solution:
Please see Debian advisory DSA 510-1 to details on how to obtain fixes to address the issue.

OpenBSD includes the software in their ports collection. OpenBSD has updated the port to version 0.13.5 in CVS.

The vendor released jftpgw 0.13.4 to address this issue.


jftpgw jftpgw 0.13

• jftpgw jftpgw-0.13.4.tar.gz
  http://www.mcknight.de/jftpgw/jftpgw-0.13.4.tar.gz

jftpgw jftpgw 0.13.1

• Debian jftpgw_0.13.1-1woody1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1w oody1_alpha.deb


• Debian jftpgw_0.13.1-1woody1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1w oody1_arm.deb


• Debian jftpgw_0.13.1-1woody1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1w oody1_hppa.deb


• Debian jftpgw_0.13.1-1woody1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1w oody1_i386.deb


• Debian jftpgw_0.13.1-1woody1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1w oody1_ia64.deb


• Debian jftpgw_0.13.1-1woody1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1w oody1_m68k.deb


• Debian jftpgw_0.13.1-1woody1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1w oody1_mips.deb


• Debian jftpgw_0.13.1-1woody1_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1w oody1_mipsel.deb


• Debian jftpgw_0.13.1-1woody1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1w oody1_powerpc.deb


• Debian jftpgw_0.13.1-1woody1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1w oody1_s390.deb


• Debian jftpgw_0.13.1-1woody1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1w oody1_sparc.deb


• jftpgw jftpgw-0.13.4.tar.gz
  http://www.mcknight.de/jftpgw/jftpgw-0.13.4.tar.gz

jftpgw jftpgw 0.13.2

• jftpgw jftpgw-0.13.4.tar.gz
  http://www.mcknight.de/jftpgw/jftpgw-0.13.4.tar.gz

jftpgw jftpgw 0.13.3

• jftpgw jftpgw-0.13.4.tar.gz
  http://www.mcknight.de/jftpgw/jftpgw-0.13.4.tar.gz