Debian: jftpgw Format string vulnerability

    Date: 08 Jun 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    A remote user could potentially cause arbitrary code to be executed with the privileges of the jftpgw server process.
    
    Debian Security Advisory DSA 510-1
    http://www.debian.org/security/                             Matt Zimmerman
    May 29th, 2004                           http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : jftpgw
    Vulnerability  : format string
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2004-0448
    
    [reporter's e-mail address not preserved] discovered a vulnerability in jftpgw, an FTP
    proxy program, whereby a remote user could potentially cause arbitrary
    code to be executed with the privileges of the jftpgw server process.
    By default, the server runs as user "nobody".
    
    CAN-2004-0448: format string vulnerability via syslog(3) in log()
    function
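
The bug class named in CAN-2004-0448, as an added example that is not jftpgw's code: a hypothetical logging wrapper that hands its already-formatted message to a syslog(3)-style function as the format string, next to the corrected call. The names `sink`, `log_vulnerable` and `log_fixed` and the client input are constructed for illustration; `sink` stands in for syslog(3) so the rendered line can be inspected.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>   /* LOG_INFO */

static char last_line[256];   /* what the sink finally rendered */

/* Stand-in for syslog(3): same (priority, format, ...) shape, but it
 * renders into last_line instead of sending to the system log. */
static void sink(int prio, const char *fmt, ...) {
    va_list ap;
    (void)prio;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
}

/* Vulnerable shape (hypothetical wrapper): the message is formatted once,
 * then the result, which now embeds client data, is passed as the FORMAT. */
static const char *log_vulnerable(int prio, const char *fmt, ...) {
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    sink(prio, buf);          /* second format pass over untrusted bytes */
    return last_line;
}

/* Fixed shape: the built message is only ever an argument to "%s". */
static const char *log_fixed(int prio, const char *fmt, ...) {
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    sink(prio, "%s", buf);    /* client bytes are data, never directives */
    return last_line;
}

int main(void) {
    const char *cmd = "USER a%%b";   /* constructed client input */
    printf("vulnerable: %s\n", log_vulnerable(LOG_INFO, "client sent: %s", cmd));
    printf("fixed:      %s\n", log_fixed(LOG_INFO, "client sent: %s", cmd));
    return 0;
}
```

The constructed input contains only `%%`, which consumes no arguments, so the difference is visible without undefined behaviour: the vulnerable path logs `a%b`, while the fixed path logs the client's bytes unchanged. gcc's `-Wformat -Wformat-security` reports calls such as `syslog(prio, buf)`, where the format is not a string literal and no arguments follow.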
    
    For the current stable distribution (woody) this problem has been
    fixed in version 0.13.1-1woody1.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 0.13.4-1.
    
    We recommend that you update your jftpgw package.
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: [e-mail address not preserved]
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    