Debian 2.2 DSA-055-1 Critical: gftp printf Attack Mitigation
debian
May 8, 2001
The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code.
Topics Covered
Summary
Package : gftp
Problem type : printf format attack
Debian-specific: no
The gftp package as distributed with Debian GNU/Linux 2.2 has a problem
in its logging code: it logged data received from the network but it did
not protect itself from printf format attacks. An attacker can use this
by making a FTP server return special responses that exploit this.
This has been fixed in version 2.0.6a-3.1, and we recommend that you
upgrade your gftp package.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
MD5 checksum: 23df5107a21eaa36b3dcc50367bd3b46
MD5 checksum: b99704d17c10b1f2bbbb80d430b55d21
MD5 checksum: 8eba39ab947712b46756b4e014b72e8c
Alpha architecture:
MD5 checksum: 7df9efccb67296eb2df1e070e66add80
ARM architecture:
MD5 checks...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!