FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2003-0963

This CVE name corresponds to:

Entered     Topic
2003-12-12  lftp HTML parsing vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2003-0963
Phase  Assigned (20031126)

Description

Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.

References

Source      Reference
BUGTRAQ     20031213 lftp buffer overflows
BUGTRAQ     20031212 [slackware-security] lftp security update (SSA:2003-346-01)
REDHAT      RHSA-2003:403
REDHAT      RHSA-2003:404
MANDRAKE    MDKSA-2003:116
SGI         20040202-01-U
SUSE        SuSE-SA:2003:051
DEBIAN      DSA-406
CONECTIVA   CLA-2004:800
SGI         20040101-01-U
BUGTRAQ     20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp)
BUGTRAQ     20031218 GLSA: lftp (200312-07)
OVAL        oval:org.mitre.oval:def:11180
SECUNIA     10525
SECUNIA     10548