gFTP Remote Format String Vulnerability

gFTP is a freely available graphical file transfer client for UNIX-based machines running X11R6 or later. It includes support for file transfers using the FTP, HTTP, and SSH protocols.

A format string bug exists in the facility used by the gftp client program to log FTP and HTTP responses. As a result, it may be possible for a malicious remote server to execute arbitrary code on a user's system.
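
The class of bug described above, as an added example that is not gFTP's own code: a hypothetical printf-style logger that uses a server response as the format string, beside the hardened form that passes the response as data. The names log_printf, log_response_unsafe, log_response_safe and count_conversions are assumptions, and the sample responses are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log sink standing in for a client's response
 * logger (an assumption; not gFTP's actual function). */
static char log_line[256];

static void log_printf(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(log_line, sizeof log_line, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: server-controlled text becomes the format string, so
 * any conversion specifier in it is interpreted by the formatter. */
static const char *log_response_unsafe(const char *response)
{
    log_printf(response);
    return log_line;
}

/* Hardened pattern: constant format; the response is only ever data. */
static const char *log_response_safe(const char *response)
{
    log_printf("%s", response);
    return log_line;
}

/* Audit helper: count conversion specifiers ("%%" is a literal percent). */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;   /* skip the escaped percent */
        else n++;
    }
    return n;
}

int main(void)
{
    const char *resp = "226 transfer 100%% complete";  /* constructed sample */
    printf("unsafe: %s\n", log_response_unsafe(resp));
    printf("safe:   %s\n", log_response_safe(resp));
    return 0;
}
```

The unsafe logger collapses the doubled percent sign because it parsed the response as a format, while the safe logger records the bytes the server sent.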


