FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3961

This CVE name corresponds to:

Entered Topic
2007-11-05 gftp -- multiple vulnerabilities
2007-08-02 fsplib -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-3961 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-3961
Phase Assigned(20070725)

Description

Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added.

References

Source Reference
MISC http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.19&r2=1.20
CONFIRM http://fsp.cvs.sourceforge.net/fsp/fsplib/ChangeLog?revision=1.17&view=markup
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=188252
GENTOO GLSA-200711-01
MANDRIVA MDVSA-2008:018
OSVDB 38568
SECUNIA 26184
SECUNIA 26378
SECUNIA 27501

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.