lftp Try_Netscape_Proxy Buffer Overflow Vulnerability

Solution:
The vulnerability is fixed in version 2.6.10:

http://lftp.yar.ru/get.html

A patch that applies to 2.6.9 is also available:

http://labben.abm.uu.se/~ulha9485/lftp-advisory-data.tar.gz

OpenPKG has released an advisory (OpenPKG-SA-2003.053) with fixes to address these issues. Please see the referenced advisory for further information. Fixes are linked below.

SuSE has released an advisory with fixes to address these issues. Please see the referenced advisory for more information.

Red Hat has released fixes for the Fedora project. Users are advised to download the fixed packages.

Mandrake has released advisory MDKSA-2003:116 with fixes to address this issue.

Red Hat has released security advisory RHSA-2003:403-01 to address this issue. Additionally, Red Hat has released advisory RHSA-2003:404-08 to address this issue in affected Enterprise operating systems. Users are advised to run up2date to resolve this issue.

Gentoo has released advisory 200312-07 to address this issue. Affected users are advised to execute the following commands:

emerge sync
emerge -pv '>=net-ftp/lftp-2.6.10'
emerge '>=net-ftp/lftp-2.6.10'
emerge clean

Slackware has released an advisory (SSA:2003-346-01) and fixes to address this issue.

Debian has released advisory DSA 406-1 to address this issue.

Conectiva has released advisory CLA-2004:800 to address this issue.

SGI has released SGI Advanced Linux Environment security update #8 (20040101-01-U) to provide fixes for this issue. Please see the attached advisory for more details.

TurboLinux has released advisory TLSA-2004-2 to address this issue. Please see the reference section for more details.

SGI has released advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below:


Slackware Linux -current

SGI ProPack 2.3

SGI ProPack 2.4

Alexander V. Lukyanov lftp 2.4.9

Alexander V. Lukyanov lftp 2.5.2

Alexander V. Lukyanov lftp 2.6.0

Alexander V. Lukyanov lftp 2.6.3

Alexander V. Lukyanov lftp 2.6.4

Alexander V. Lukyanov lftp 2.6.5

Alexander V. Lukyanov lftp 2.6.6

Alexander V. Lukyanov lftp 2.6.9

Slackware Linux 8.1

Slackware Linux 9.0

Slackware Linux 9.1


 

Copyright 2010, SecurityFocus