Debian 3.0 DSA 447-2 Urgent: Hsftp Buffer Overflow Remote Attack
debian
February 23, 2004
An attacker, able to create files on a remote server, could potentially execute arbitrary code with the privileges of the user invoking hsftp.
Topics Covered
Summary
During an audit, Ulf Harnhammar discovered a format string
vulnerability in hsftp. This vulnerability could be exploited by an
attacker able to create files on a remote server with carefully
crafted names, to which a user would connect using hsftp. When the
user requests a directory listing, particular bytes in memory could be
overwritten, potentially allowing arbitrary code to be executed with
the privileges of the user invoking hsftp.
Note that while hsftp is installed setuid root, it only uses these
privileges to acquire locked memory, and then relinquishes them.
For the current stable distribution (woody) this problem has been
fixed in version 1.11-1woody1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you update your hsftp package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: hsftp
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!