Multiple Vendor BSD ftpd glob() Buffer Overflow Vulnerabilities

Solution:
MandrakeSoft released an advisory stating that the version of Proftpd distributed as part of Mandrake Linux is not vulnerable to glob() related buffer overflows.

OpenBSD has released a patch for the OpenBSD ftp daemon.

MIT has released source code patches for the ftp daemon shipped with Kerberos 5 1.2.2. Networks running older versions of Kerberos 5 should upgrade to 1.2.2 and apply the patch (listed below).

RedHat has released upgraded versions of their Kerberos 5 packages.

Immunix has released upgraded versions of their Kerberos 5 packages.

HP/Compaq has released fixes for Tru64.


MIT Kerberos 5 1.1.1

MIT Kerberos 5 1.2.2

OpenBSD OpenBSD 2.8

FreeBSD FreeBSD 3.0

FreeBSD FreeBSD 3.1

FreeBSD FreeBSD 3.2

FreeBSD FreeBSD 3.3

FreeBSD FreeBSD 3.4

FreeBSD FreeBSD 3.5

FreeBSD FreeBSD 3.5.1

FreeBSD FreeBSD 4.0

Compaq Tru64 4.0 g PK3 (BL17)

Compaq Tru64 4.0 f PK7 (BL18)

FreeBSD FreeBSD 4.1

FreeBSD FreeBSD 4.1.1

FreeBSD FreeBSD 4.2

Compaq Tru64 5.0 a PK3 (BL17)


Copyright 2010, SecurityFocus