lftp Try_Netscape_Proxy Buffer Overflow Vulnerability

It has been reported that the lftp file transfer client is vulnerable to a remotely exploitable buffer overflow condition. The vulnerability is present when lftp is used to retrieve content from a remote HTTP server. According to the report, the client does not properly handle special directories that exist on the server. These failures can be exploited by operators of web servers to execute arbitrary instructions on the host running lftp. Any such code would run with the privileges of the user who invoked lftp.

** This BID, originally entitled "LFTP Undisclosed HTML Parsing Vulnerability" described an issue that was also covered in BID 9212 "lftp Buffer Overflow Vulnerabilities". This BID has been revised with information from one of the vulnerabilities originally described in BID 9212. BID 9212 has also been revised to describe the other issue.


Privacy Statement
Copyright 2010, SecurityFocus