Debian: moxftp buffer overflow vulnerability

    Date09 Apr 2003
    CategoryDebian
    2290
    Posted ByLinuxSecurity Advisories
    Insufficient bounds checking could lead to execution of arbitrary code, provided by a malicious FTP server.
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 281-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Martin Schulze
    April 8th, 2003                          http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : moxftp
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE Id         : CAN-2003-0203
    
    Knud Erik Højgaard discovered a vulnerability in moxftp (and xftp
    respectively), an Athena X interface to FTP.  Insufficient bounds
    checking could lead to execution of arbitrary code, provided by a
    malicious FTP server.   Erik Tews fixed this.
    
    For the stable distribution (woody) this problem has been fixed in
    version 2.2-18.1.
    
    For the old stable distribution (potato) this problem has been fixed
    in version 2.2-13.1.
    
    For the unstable distribution (sid) this problem has been fixed
    in version 2.2-18.20.
    
    We recommend that you upgrade your xftp package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2-13.1.dsc
          Size/MD5 checksum:      561 ad7b7294a9bbfb6d612ddf5e1a917d6e
         http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2-13.1.diff.gz
          Size/MD5 checksum:    35420 3b770b2cdff02d1a96d0c007f75a3a62
         http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2.orig.tar.gz
          Size/MD5 checksum:   937939 2c466b136a0adb20f9d62f2749c283ad
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_alpha.deb
          Size/MD5 checksum:   225260 7f9c2a5468d1318c42d2b9b94a34abc5
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_arm.deb
          Size/MD5 checksum:   174544 ab1bf4ae23a81dd913ee15928850dc68
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_i386.deb
          Size/MD5 checksum:   164102 633906e41fb0f661929409b5adc5212b
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_m68k.deb
          Size/MD5 checksum:   155636 4a902000f5e9ac9e2d173667aa3bb71d
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_powerpc.deb
          Size/MD5 checksum:   184736 741ba17ab314833039a78c7b225025f2
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_sparc.deb
          Size/MD5 checksum:   179054 c98e29ba6d2517a837fe3bebd15422bc
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2-18.1.dsc
          Size/MD5 checksum:      567 02f4161e56d5fa054ae6e8a56209d1a2
         http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2-18.1.diff.gz
          Size/MD5 checksum:    34166 db8798b3d175cae96e78b0e318ce9f6c
         http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2.orig.tar.gz
          Size/MD5 checksum:   937939 2c466b136a0adb20f9d62f2749c283ad
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_alpha.deb
          Size/MD5 checksum:   219866 f92ec2e807a83d519b41730899db9d93
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_arm.deb
          Size/MD5 checksum:   175714 9f5a9d5957eca736e092651d636c7b0a
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_i386.deb
          Size/MD5 checksum:   164724 5db825ca517be4df03976bd4b11fa518
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_ia64.deb
          Size/MD5 checksum:   276338 0380683fcbaa6b3485df82181f82d325
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_hppa.deb
          Size/MD5 checksum:   201558 e7c9933ee622678bdedd9b01b494a92b
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_m68k.deb
          Size/MD5 checksum:   155354 d89563cdd8c740683d9544eabd4ff335
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_mips.deb
          Size/MD5 checksum:   202406 18c9a473e48d1104a4fbd94366b2dcc8
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_mipsel.deb
          Size/MD5 checksum:   200754 a89ee695bd86a51783d27383fb50d746
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_powerpc.deb
          Size/MD5 checksum:   185086 fe451dd341eb07a72f58200fd91819c5
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_s390.deb
          Size/MD5 checksum:   174340 04c6b8a63ecfcac0b5209bbe6eee9fd9
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_sparc.deb
          Size/MD5 checksum:   178416 38b078edb86b7dcb594404d92cbec3e8
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.